[geeklog-devel] Filtering in GL2

Vincent Furia vfuria at gmail.com
Mon Dec 13 23:43:35 EST 2004


I vote for Blaine. :)

One thing I'd really like to see is for this class to autodetect the
different php.ini settings (magic quotes, others?) as appropriate
(including OS) and react accordingly.  Also, if possible, it should be
able to do basic "sanitizing" of form input without needing an
explicit call by a plugin or function (basically, act directly on
$_REQUEST when the gl script is first called).

I know that is all obvious, but I thought it worthwhile to state it.
Let us know if you need any help, Blaine. ;)

-Vinny


On Mon, 13 Dec 2004 21:44:21 -0500, Blaine Lang <geeklog at langfamily.ca> wrote:
> Tony wrote:
> > Here I assume you mean the stuff the kses filter does along with stripping
> > of unwanted HTML, right?
> 
> Correct. Today we have a number of format related functions:
>     COM_killJS,
>     COM_checkHTML,
>     COM_handleCode,
>     COM_undoSpecialChars,
>     COM_formatEmail,
>     COM_stripslashes,
>     COM_applyFilter,
>     COM_makeClickableLinks,
>     COM_highlightQuery,
>     COM_sanitizeID
> 
> I think I got them all
> 
> There are also:
>    COM_buildURL,
>    COM_setArgNames,
>    COM_getArgument
> 
> In addition, there is much more code inside the app that is adding or
> stripping.
> These have been added over time to address common needs, but it is a major
> task to replace and consolidate the core GL 1.3 codebase.
> 
> Still, it would be good to create a new OO based class and start to use it
> and slowly migrate scripts.
> The 1.3.x platform and plugins could be used to test such a new common
> class.
> 
> I'd like to get more input but would be willing to take the lead on
> developing this.
> 
> ----- Original Message -----
> From: "Tony Bibbs" <tony at tonybibbs.com>
> To: <geeklog-devel at lists.geeklog.net>
> Sent: Monday, December 13, 2004 7:29 PM
> Subject: Re: [geeklog-devel] Filtering in GL2
> 
> Blaine Lang wrote:
> 
> >Dirk and I have talked on and off about the need for an OO class that would
> >be more flexible and consistent.
> >Also we need to be able to pass an array of parms so that we don't have to
> >make 10 function calls at times with larger forms for example.
> >
> >This class needs to have all the common data operations
> >- filter
> >
> >
> Here I assume you mean the stuff the kses filter does along with
> stripping of unwanted HTML, right?
> 
> >- prepfordisplay - handles stripslashes and html entities
> >- prepforSave  - handles quotes
> >
> >
> Quote handling in GL2 should be transparent to the developer.   Recall
> that all custom SQL goes into a named query file and that the SQL that
> goes in there should use prepared SQL as opposed to the kind of SQL
> found in 1.3.x.  Similarly, Propel handles the retrieval of the data
> into objects so that should be transparent as well.
> 
> >- prepforOS -- handles directory path delimiters for example.
> >
> >
> What else is done here besides path delimiters?
> 
> >- censor
> >
> >
> Sounds good.  Anyone want to take a stab at defining the function
> prototypes of the oo-based class?  I'm not sure of all the things we are
> talking about here.
> 
> --Tony
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
> 
>
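
The bootstrap-time behaviour discussed in this thread (detect magic quotes, normalise the request arrays once, encode only at display time), sketched as an added example that is not part of the original messages and is not Geeklog code. The class name `InputFilter` and its method names are hypothetical, and the UTF-8 charset is an assumption.

```php
<?php
// Added illustration: InputFilter and its methods are hypothetical names, not Geeklog's API.
class InputFilter
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
    // in PHP 8.0, so probe for the function before calling it.
    public static function magicQuotesOn()
    {
        return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }

    // Recursively undo magic-quotes escaping (when $undo is true) and drop
    // NUL bytes. Values only; array keys are left untouched.
    public static function clean($value, $undo)
    {
        if (is_array($value)) {
            foreach ($value as $key => $item) {
                $value[$key] = self::clean($item, $undo);
            }
            return $value;
        }
        if (!is_string($value)) {
            return $value;
        }
        return str_replace("\0", '', $undo ? stripslashes($value) : $value);
    }

    // Call once at bootstrap so plugins never see escaped input.
    public static function normalizeRequest()
    {
        $undo = self::magicQuotesOn();
        $_GET     = self::clean($_GET, $undo);
        $_POST    = self::clean($_POST, $undo);
        $_COOKIE  = self::clean($_COOKIE, $undo);
        $_REQUEST = self::clean($_REQUEST, $undo);
    }

    // Encode at output time; the UTF-8 charset is an assumption.
    public static function forDisplay($text)
    {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
}

// Constructed sample: a POST body as it arrives with magic quotes enabled.
$sample = array('title' => 'O\\\'Reilly <b>', 'tags' => array("a\0b"));
$clean  = InputFilter::clean($sample, true);
echo InputFilter::forDisplay($clean['title']), "\n";
```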


