[geeklog-devel] Word of warning about COM_makeClickableLinks

Website Master websitemaster at cogeco.net
Fri Jan 23 13:00:16 EST 2009


In Geeklog 1.4.1 this function would not convert a domain name to a link
(like Geeklog.net). Since 1.5 it does which messed with a lot of my articles
and I had to disable this code. Has the new code switched back to the
original way?

If not, can we implement a disable feature in the admin section?

Tom 


-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Sami Barakat
Sent: January-22-09 11:36 AM
To: Geeklog Development
Subject: [geeklog-devel] Word of warning about COM_makeClickableLinks

Before some people start seeing unexpected result from the new
COM_makeClickableLinks function this is just a little word of warning.
The function relies on the text being passed through htmlspecialchars
first.
So:
$text = htmlspecialchars($text);
$text = COM_makeClickableLinks($text);

This is due to difficulties recognising both & and & in the url as
well as terminating before reaching any other entities, such as "
or  
It should not be much of an issue as the only places this function is
used in are the files: lib-comment.php, story.class.php, lib-admin.php
and SLVbase.class.php. I have checked the first two, comments and
stories, and it can be clearly seen as going through htmlspecialchars
but the other two I'm still a little unclear about.

This should only affect urls with html entities in or around the url, such
as:
$text = "\"www.url.com/?foo=bar&bar=foo\"";
$text = htmlspecialchars($text);
echo $text;
// "www.url.com/?foo=bar&bar=foo"

Plugin developers should also keep this in mind if you are making use
of the function.

The function as it is now will work well, a lot better than what we
had before, but I would appreciate it if users could test this in the
upcoming 1.5.2rc1 release and post any bugs they might find.

Sami
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 3790 (20090122) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com






More information about the geeklog-devel mailing list