[geeklog-devel] {blockid}

Joe Mucchiello joe at ThrowingDice.com
Sun May 4 12:15:02 EDT 2008

At 11:25 AM 5/4/2008, Dirk Haun wrote:
>Apart from the slight misnomer (it's not the block's ID, bid, but
>something derived from the block's title), here are some issues I ran into:

Why not just take it from the block name?

Whoa. I was going to say it gets passed through COM_applyFilter. But 
it doesn't. It doesn't even go through COM_stripslashes. It goes 
straight from $_POST['name'] to $name to "....,'$name',...." in DB_save.

In theory block_name should be unique and after a call to 
COM_sanitizeID it should be fine. But you might want to check that 
other problem too.

Joe Mucchiello
Throwing Dice Games
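
The data flow described in the message above, as an added example that is not part of the original post and is not Geeklog code: it shows how a quote in the submitted name breaks an interpolated SQL literal, and a hardened save path. sanitizeBlockName(), buildInterpolatedSql() and saveBlock() are hypothetical helpers; sanitizeBlockName() is only an assumed stand-in for the kind of allow-list filtering the message expects from COM_sanitizeID, and an in-memory SQLite table via PDO replaces Geeklog's own database layer.

```php
<?php
// Added example, not Geeklog code. All function names here are hypothetical
// and the table layout is constructed for the demo.

// Allow-list filter: keep only characters that are harmless inside a quoted
// SQL literal and inside a {template_tag}.
function sanitizeBlockName(string $raw): string
{
    return preg_replace('/[^A-Za-z0-9_.-]/', '', str_replace(' ', '_', trim($raw)));
}

// The pattern the message describes: request value placed between quotes.
function buildInterpolatedSql(string $name): string
{
    return "INSERT INTO blocks (name) VALUES ('$name')";
}

// Hardened path: sanitize, reject empty results, bind the value, and let a
// UNIQUE constraint enforce what is otherwise only unique "in theory".
function saveBlock(PDO $db, string $raw): bool
{
    $name = sanitizeBlockName($raw);
    if ($name === '') {
        return false;
    }
    try {
        $stmt = $db->prepare('INSERT INTO blocks (name) VALUES (:name)');
        return $stmt->execute([':name' => $name]);
    } catch (PDOException $e) {
        return false; // duplicate name rejected by the UNIQUE constraint
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blocks (name TEXT NOT NULL UNIQUE)');

// Constructed sample inputs standing in for $_POST['name'].
$samples = ['whats_new', "it's new", 'whats_new'];
foreach ($samples as $raw) {
    // Exactly two quotes means the value stayed inside its SQL literal.
    $quotes = substr_count(buildInterpolatedSql($raw), "'");
    printf("%-10s literal %s; saveBlock: %s\n", $raw,
        $quotes === 2 ? 'intact' : 'broken',
        var_export(saveBlock($db, $raw), true));
}
```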