[pLog-svn] ugh. r6488 breaks our good old friends <, >, &lt; in post text

Jon Daley plogworld at jon.limedaley.com
Fri Feb 13 15:46:26 EST 2009


I just noticed that, due to the htmlDecode call in filterJavascript
for the postText, it (now, as of rev. 6488) converts &lt; to < (in order
to catch the tricky javascript coders), and then the < is removed by the
xhtmlize() call later.

I first thought I could put an htmlentities() or htmlspecialchars()
at the end of filterJavascript(), but that causes all html entities to be
saved as non-html, i.e. all < are converted to &lt;.

Maybe we do need to switch over to a new filter?

And, please check out the following bug, which is likely the same issue as
what I just found.  I see that no one has been testing 1.2.9?  Are you all
still using insecure versions of LT (i.e. 1.2.8 or 2.0?)

http://bugs.lifetype.net/view.php?id=1579



-- 
Jon Daley
http://jon.limedaley.com
~~
Atheism is a non-prophet organization
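The filter-ordering problem Jon describes, modelled in Python as an added example. This is not LifeType's code: filterJavascript, xhtmlize, the regexes and the sample posts are simplified stand-ins for the behaviour the message reports (decode entities so obfuscated javascript is visible, strip it, then a tidy pass that drops stray angle brackets). It also goes a little beyond the message: it shows the pre-r6488 pipeline that the decode was added to fix, the re-escape workaround Jon tried, and an alternative that decodes only for inspection and hands the original text to the output pass.

```python
import html
import re

# Constructed sample posts (not taken from the mailing list or from LifeType).
SAMPLES = {
    # Entities the author typed on purpose, to show "<b>" and "<" as text.
    "literal_entities": "Use &lt;b&gt; for bold, and 1 &lt; 2 &amp;&amp; 3 &gt; 2.",
    # Ordinary markup the author wants rendered.
    "plain_markup": '<b>bold</b> and <a href="http://example.com">link</a>',
    # The "tricky javascript coder" case: the browser decodes &#99; to "c".
    "entity_obfuscated_js": '<a href="javas&#99;ript:alert(1)">x</a>',
}

# Crude models of active-content markers and of a well-formed tag.
JS_RE = re.compile(r"javascript\s*:|<\s*script\b|\bon\w+\s*=", re.IGNORECASE)
TAG_RE = re.compile(r"(<[a-zA-Z/][^<>]*>)")


def filter_javascript_no_decode(text):
    """Pre-r6488 model: strip JS markers from the raw text only."""
    return JS_RE.sub("", text)


def filter_javascript_r6488(text):
    """r6488 model: decode entities first so obfuscation is visible, strip,
    and (this is the bug) return the *decoded* string to the next stage."""
    return JS_RE.sub("", html.unescape(text))


def xhtmlize(text):
    """Model of the tidy pass: well-formed tags survive, stray '<' and '>'
    in text are dropped (the removal the post reports)."""
    parts = TAG_RE.split(text)          # odd indices are tags, even are text
    return "".join(
        part if i % 2 else part.replace("<", "").replace(">", "")
        for i, part in enumerate(parts)
    )


def pipeline_no_decode(text):
    """Before r6488: entity-obfuscated javascript: URLs pass straight through."""
    return xhtmlize(filter_javascript_no_decode(text))


def pipeline_r6488(text):
    """After r6488: &lt;b&gt; typed as text becomes a live <b> tag and a
    literal "1 &lt; 2" loses its '<' in xhtmlize()."""
    return xhtmlize(filter_javascript_r6488(text))


def pipeline_reescape(text):
    """The workaround the post tried: re-escape after filtering. Literal
    entities survive, but every real tag is now shown as text."""
    return xhtmlize(html.escape(filter_javascript_r6488(text), quote=False))


def pipeline_inspect_only(text):
    """Alternative: decode only to *look* for active content; the original
    text, entities intact, is what goes to xhtmlize(). Returns None when the
    decoded view contains a JS marker (reject rather than strip-and-continue,
    since strip-and-continue is easy to bypass with nested tricks)."""
    if JS_RE.search(html.unescape(text)):
        return None
    return xhtmlize(text)


if __name__ == "__main__":
    for name, post in SAMPLES.items():
        print(f"--- {name}")
        print(" no_decode   :", pipeline_no_decode(post))
        print(" r6488       :", pipeline_r6488(post))
        print(" reescape    :", pipeline_reescape(post))
        print(" inspect_only:", pipeline_inspect_only(post))
```

Running it shows the three failure modes side by side: the no-decode pipeline lets the `javas&#99;ript:` link through untouched, the r6488 pipeline turns the author's literal `&lt;b&gt;` into a real tag and drops the `<` from `1 &lt; 2`, and the re-escape workaround keeps the literal entities but renders `<b>bold</b>` as visible text. Decoding for inspection only leaves both honest inputs exactly as written and rejects the obfuscated one.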

