[geeklog-devel] Word of warning about COM_makeClickableLinks
Sami Barakat
s.m.barakat at googlemail.com
Thu Jan 22 11:35:53 EST 2009
Before some people start seeing unexpected results from the new
COM_makeClickableLinks function this is just a little word of warning.
The function relies on the text being passed through htmlspecialchars
first.
So:
$text = htmlspecialchars($text);
$text = COM_makeClickableLinks($text);
This is due to difficulties recognising both & and &amp; in the url as
well as terminating before reaching any other entities, such as &quot;
or
It should not be much of an issue as the only places this function is
used in are the files: lib-comment.php, story.class.php, lib-admin.php
and SLVbase.class.php. I have checked the first two, comments and
stories, and it can be clearly seen as going through htmlspecialchars
but the other two I'm still a little unclear about.
This should only affect urls with html entities in or around the url, such as:
$text = "\"www.url.com/?foo=bar&bar=foo\"";
$text = htmlspecialchars($text);
echo $text;
// &quot;www.url.com/?foo=bar&amp;bar=foo&quot;
Plugin developers should also keep this in mind if you are making use
of the function.
The function as it is now will work well, a lot better than what we
had before, but I would appreciate it if users could test this in the
upcoming 1.5.2rc1 release and post any bugs they might find.
Sami
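
The ordering requirement described in the message above, as an added example that is not part of the original post and is not Geeklog's code: example_make_clickable() is a hypothetical linkifier whose pattern assumes already-escaped input, run on a constructed string in the right and wrong orders.

```php
<?php
// Hypothetical stand-in for a linkifier that, like the function described
// in the message, expects text that already went through htmlspecialchars().
// It is NOT the implementation of COM_makeClickableLinks.
function example_make_clickable(string $escaped): string
{
    // A URL is a run of characters other than whitespace, '<', '>', '"'
    // and '&', except that '&' is accepted in its escaped form "&amp;".
    // Any other entity (&quot;, &lt;, ...) therefore ends the match.
    $pattern = '~\b((?:https?://|www\.)(?:[^\s<>"&]|&amp;)+)~i';

    return preg_replace_callback($pattern, function (array $m): string {
        $shown = $m[1]; // already HTML-escaped by the caller
        $href  = stripos($shown, 'www.') === 0 ? 'http://' . $shown : $shown;
        // Both values are escaped, so they can go into the attribute and
        // the element body without a second escaping pass.
        return '<a href="' . $href . '">' . $shown . '</a>';
    }, $escaped);
}

// Constructed sample input, same shape as the example in the message.
$raw = '"www.url.com/?foo=bar&bar=foo"';

// Correct order: escape first, then linkify. The whole query string ends
// up inside the link and the surrounding quotes stay as &quot; entities.
$safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
echo example_make_clickable($safe), "\n";

// Wrong order 1: linkify the raw text. The bare '&' is not "&amp;", so the
// match stops at "foo=bar"; the rest of the text is emitted unescaped.
echo example_make_clickable($raw), "\n";

// Wrong order 2: linkify, then escape. The generated <a> markup is escaped
// as well and is displayed as literal text instead of a link.
echo htmlspecialchars(example_make_clickable($raw), ENT_QUOTES, 'UTF-8'), "\n";
```

A caller that skips the escaping step also passes any markup in the text straight to the page, since the linkifier itself escapes nothing.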