[geeklog-devel] Word of warning about COM_makeClickableLinks
Website Master
websitemaster at cogeco.net
Fri Jan 23 13:00:16 EST 2009
In Geeklog 1.4.1 this function would not convert a domain name to a link
(like Geeklog.net). Since 1.5 it does which messed with a lot of my articles
and I had to disable this code. Has the new code switched back to the
original way?
If not, can we implement a disable feature in the admin section?
Tom
-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Sami Barakat
Sent: January-22-09 11:36 AM
To: Geeklog Development
Subject: [geeklog-devel] Word of warning about COM_makeClickableLinks
Before some people start seeing unexpected result from the new
COM_makeClickableLinks function this is just a little word of warning.
The function relies on the text being passed through htmlspecialchars
first.
So:
$text = htmlspecialchars($text);
$text = COM_makeClickableLinks($text);
This is due to difficulties recognising both & and & in the url as
well as terminating before reaching any other entities, such as "
or
It should not be much of an issue as the only places this function is
used in are the files: lib-comment.php, story.class.php, lib-admin.php
and SLVbase.class.php. I have checked the first two, comments and
stories, and it can be clearly seen as going through htmlspecialchars
but the other two I'm still a little unclear about.
This should only affect urls with html entities in or around the url, such
as:
$text = "\"www.url.com/?foo=bar&bar=foo\"";
$text = htmlspecialchars($text);
echo $text;
// "www.url.com/?foo=bar&bar=foo"
Plugin developers should also keep this in mind if you are making use
of the function.
The function as it is now will work well, a lot better than what we
had before, but I would appreciate it if users could test this in the
upcoming 1.5.2rc1 release and post any bugs they might find.
Sami
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 3790 (20090122) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
More information about the geeklog-devel
mailing list