[pLog-svn] r6524 - plog/branches/lifetype-1.2/class/data/forms

Mark Wu markplace at gmail.com
Mon Jun 9 09:22:09 EDT 2008


Take the blogAbout field for example: if a user has already entered all the
information about his blog, but he just forgot that blogAbout does not accept
HTML tags and put <b>Mark Wu</b> at the end of blogAbout.

When he hits the submit button, he will lose all his changes.

So, I think the better way is to just give the "filtered" data back to him and
tell him what's going on, and he can keep editing blogAbout.

My original idea, posted on the mailing list, is to give the "filtered" data
back to the user, not just a blank field. I think it is more user-friendly.

Mark

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Monday, June 09, 2008 7:38 PM
> To: LifeType Developer List
> Subject: Re: [pLog-svn] r6524 - 
> plog/branches/lifetype-1.2/class/data/forms
> 
>  	I like all of the changes, but I am unsure about this 
> one.  If there is something wrong with the data, I think I 
> would rather see a blank field than a field that has been 
> modified.  Both from a developer's and user's standpoint.
>  	One argument for displaying the filtered value from the 
> user's standpoint is if they accidentally typed in HTML and 
> didn't mean to, then we take care of it.
>  	However, since we don't know what sort of validation 
> was supposed to be done on this field, perhaps filtering HTML 
> isn't the right answer, and I would rather blank it out, than 
> have either bad data passed to the user, or some security 
> hole that we haven't thought of yet.  The user can usually 
> hit the back button if you are worried about him recovering data.
>  	Passing back unknown data to the user seems like a bad idea.
> 
> On Mon, 9 Jun 2008, mark at devel.lifetype.net wrote:
> 
> > Author: mark
> > Date: 2008-06-09 04:00:51 -0400 (Mon, 09 Jun 2008) New 
> Revision: 6524
> >
> > Modified:
> >   
> plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php
> > Log:
> > We still need the value but filtered with 
> Textfilter::filterAllHTML()
> >
> > Modified: 
> > plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php
> > ===================================================================
> > --- 
> plog/branches/lifetype-1.2/class/data/forms/formvalidator.cl
> ass.php	2008-06-09 07:32:35 UTC (rev 6523)
> > +++ 
> plog/branches/lifetype-1.2/class/data/forms/formvalidator.cl
> ass.php	2008-06-09 08:00:51 UTC (rev 6524)
> > @@ -110,6 +110,10 @@
> > 				
> $this->_validationResults["$fieldName"] = $validationResult;
> > 				if($validationResult)
> > 					
> $this->_fieldValues["$fieldName"] = $fieldValue;
> > +				else {
> > +					lt_include( 
> PLOG_CLASS_PATH."class/data/textfilter.class.php" );
> > +					
> $this->_fieldValues["$fieldName"] = 
> Textfilter::filterAllHTML( $fieldValue );
> > +				}
> >
> > 				// if one of the validations is 
> false, then cancel the whole thing
> > 				$finalValidationResult = 
> $finalValidationResult && 
> > $validationResult;
> >
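Review bot: The new else branch writes the rejected value into $this->_fieldValues["$fieldName"], the same array that holds values which passed validation, after Textfilter::filterAllHTML() and regardless of which validator failed, so nothing downstream can tell a filtered-but-invalid value from a validated one. Consider keeping rejected input in a separate member used only for redisplay (or leaving it unset, as before this change), and make sure the template escapes it for the output context, since removing tags does not replace escaping. The lt_include() call also sits inside the failure branch; moving it to the top of the file would avoid repeating it for every failing field, and a short comment saying why a failed value is kept would help.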
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://limedaley.com/mailman/listinfo/plog-svn
> >
> 
> --
> Jon Daley
> http://jon.limedaley.com
> ~~
> What happens if you get scared half to death twice?
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
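
The trade-off discussed in this thread (blank field versus filtered value after a failed validation), as an added example that is not part of either message or of LifeType's code. PHP's strip_tags() stands in for Textfilter::filterAllHTML() as an assumption, and validateField(), renderInput() and the $noHtml validator are hypothetical names; the submitted value is constructed.

```php
<?php
// Added example: stand-alone sketch, not LifeType code.
// strip_tags() stands in for Textfilter::filterAllHTML() (assumption).

/**
 * Validate one field and decide what the form should redisplay.
 * $policy: 'blank' (the reviewer's preference) or 'filtered' (r6524 behaviour).
 */
function validateField(string $raw, callable $validator, string $policy): array
{
    $ok = (bool) $validator($raw);
    if ($ok) {
        return ['valid' => true, 'accepted' => $raw, 'redisplay' => $raw];
    }
    // A rejected value is never stored as accepted data; it is kept
    // separately and only for putting back into the form.
    $redisplay = ($policy === 'filtered') ? strip_tags($raw) : '';
    return ['valid' => false, 'accepted' => null, 'redisplay' => $redisplay];
}

/** Escape at output time for an HTML attribute, whatever the policy was. */
function renderInput(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" />',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Hypothetical validator: blogAbout must not contain HTML tags.
$noHtml = function (string $v): bool {
    return $v === strip_tags($v);
};

// Constructed sample input: tags plus quote characters.
$submitted = 'All about my "blog" by <b>Mark Wu</b>';

foreach (['blank', 'filtered'] as $policy) {
    $r = validateField($submitted, $noHtml, $policy);
    // The filtered value still contains double quotes, so the attribute
    // is only well-formed because renderInput() escapes it.
    echo $policy, ': ', renderInput('blogAbout', $r['redisplay']), PHP_EOL;
}
```

Under the 'filtered' policy the user keeps the text minus the tags, while 'accepted' stays null so the rejected value cannot be saved by mistake.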


