[geeklog-devel] Word of warning about COM_makeClickableLinks

Sami Barakat s.m.barakat at googlemail.com
Thu Jan 22 11:35:53 EST 2009


Before some people start seeing unexpected results from the new
COM_makeClickableLinks function this is just a little word of warning.
The function relies on the text being passed through htmlspecialchars
first.
So:
$text = htmlspecialchars($text);
$text = COM_makeClickableLinks($text);

This is due to difficulties recognising both & and &amp; in the url as
well as terminating before reaching any other entities, such as &quot;
or &nbsp;.
It should not be much of an issue as the only places this function is
used in are the files: lib-comment.php, story.class.php, lib-admin.php
and SLVbase.class.php. I have checked the first two, comments and
stories, and it can be clearly seen as going through htmlspecialchars
but the other two I'm still a little unclear about.

This should only affect urls with html entities in or around the url, such as:
$text = "\"www.url.com/?foo=bar&bar=foo\"";
$text = htmlspecialchars($text);
echo $text;
// &quot;www.url.com/?foo=bar&amp;bar=foo&quot;

Plugin developers should also keep this in mind if you are making use
of the function.

The function as it is now will work well, a lot better than what we
had before, but I would appreciate it if users could test this in the
upcoming 1.5.2rc1 release and post any bugs they might find.

Sami
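
The ordering described in the message above, as an added example that is not part of the original post and is not Geeklog's code: demo_linkify() is a hypothetical, simplified stand-in for COM_makeClickableLinks, written on the assumption that a URL may contain &amp; and ends at any other entity. The sample input is constructed.

```php
<?php
// Added illustration. demo_linkify() is a hypothetical stand-in,
// not the real COM_makeClickableLinks() implementation.

// Expects text that has ALREADY been through htmlspecialchars().
// A URL is a run of characters that are not whitespace, &, <, > or a
// quote; the one exception is the literal sequence "&amp;" (an escaped
// query separator). Any other entity, such as &quot;, ends the match.
function demo_linkify(string $escaped): string
{
    $pattern = '~\b((?:https?://|www\.)(?:[^\s&<>"\']|&amp;)+)~i';

    return preg_replace_callback($pattern, function (array $m): string {
        $url  = $m[1];
        $href = (stripos($url, 'http') === 0) ? $url : 'http://' . $url;
        // $url is still entity-encoded, so it can be placed in the
        // attribute value without further escaping.
        return '<a href="' . $href . '">' . $url . '</a>';
    }, $escaped);
}

// Constructed sample: a quoted URL with two query parameters.
$raw = '"www.url.com/?foo=bar&bar=foo"';

// Documented order: escape first, then linkify. The surrounding
// &quot; entities stay outside the link and &amp; stays inside it.
$right = demo_linkify(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));

// Skipping the escape: the bare "&" is not "&amp;", so the link is
// cut short at the first query parameter and the rest of the text is
// emitted unescaped.
$unescaped = demo_linkify($raw);

// Escaping afterwards does not repair this: it also encodes the
// generated <a> tag, so the reader sees markup instead of a link.
$escapedLate = htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8');

foreach (['escape, then linkify' => $right,
          'linkify only'         => $unescaped,
          'linkify, then escape' => $escapedLate] as $label => $out) {
    echo str_pad($label, 22), $out, "\n";
}
```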


