[pLog-svn] r6088 - plog/branches/lifetype-1.2/class/security

Mark Wu markplace at gmail.com
Thu Nov 29 09:42:10 EST 2007

Hi Oscar:

> Two things:
> - If you only run the filters once, how do you ensure that 
> all those filters that want to do some cleanup work, actually 
> get to do that cleanup work?

Our filters just return "valid" or "not valid"; it won't break unless we use
"break" or "die".

You can see in rev 6087, we use break to break the rest of the filter runs, that's
why we need the 2nd run.

After we run all filters, then in blogAction, it will check the
$this->_result from the pipeline class; if it fails it just 'die'....

> - The pipeline has been working like this for a while now. 
> When you fixed the issue related to XSS when the bayesian 
> filter runs (as this is from where this conversation 
> started), did the fact that the pipeline runs twice break 
> something else? Because if it didn't break anything else, 
> perhaps we shouldn't fix what ain't broken? :)

As I said in the previous mail, it is not a problem just because we "hide" it ...

For example, authimage will delete the image twice, then I use @unlink() to
hide it.

But, in this XSS bug, the comment will be added two times after bayesian marks it
as spam...

Then, that's a problem, because I cannot use any "@" or set reporting_level
to 0 to hide it.

