[geeklog-devtalk] Special character handling

Christopher Wolfe wworks at gmail.com
Mon Nov 8 13:19:48 EST 2004


Following some glitches that caught my attention in the 1.3.8 codebase,
I went digging through the special character handling in the current
CVS version. Assuming I am reading the code correctly, COM_applyFilter
(in addition to doing other things) now cuts string parameters off at
the first quote/tick/semicolon/backslash.

Obviously this is a bit of a problem, as COM_applyFilter is used on
things like the search and highlight strings. In addition I think it
would make the code cleaner if it were usable on every user-supplied
input (though opinions will vary on that). Any current thoughts/plans
for fixing this?

Experimenting on my local copy, I plugged a pseudo-URL encoder into
COM_applyFilter, and it doesn't look to have broken anything (escaped
everything but alphanumerics, space to +, others to %FF). Using the
HTML character entities would probably be nicer for output, as I
suspect COM_applyFilter removing semicolons is unnecessary, but I
decided to be lazy. Both formats are conveniently safe inside PHP and
SQL quoted strings.

If there is nothing in the pipe I will start walking HTML character
entities through a proper data trace.

Side note: finished a few new plugin hooks to allow plugins to add
commands to the story submission page and comment listing (by delete).
The associated plugins have been scrapped due to lack of interest, but
I can provide the hook patches to anyone interested.

Chris
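
The following is an added illustration, not code from Geeklog or from the message above: a small Python reimplementation of the two filter strategies Chris contrasts. truncate_at_special() mimics the described CVS behaviour of COM_applyFilter (cut at the first quote, tick, semicolon or backslash), and url_encode_filter() mimics his pseudo-URL encoder (everything but alphanumerics escaped, space to +, other bytes to %XX). The function names, the quote-safety check and the sample search strings are this example's own. It shows the loss that truncation causes on an ordinary search term, and that the encoded form contains none of the characters that end or escape a quoted PHP/SQL literal; the trade-off it also makes visible is that what gets stored or compared is the encoded form, which has to be decoded again before display or matching.

```python
"""
Illustrative reimplementation (added here; not Geeklog's own code) of the two
input-filter strategies discussed above: the truncating behaviour attributed to
COM_applyFilter in CVS, and the pseudo-URL encoder tried in its place.
All function names and sample inputs are this example's own.
"""
from urllib.parse import unquote_plus

# Characters the truncating filter stops at: double quote, tick, semicolon, backslash.
SPECIALS = "\"';\\"


def truncate_at_special(s: str) -> str:
    """Cut the string at the first quote/tick/semicolon/backslash.

    This is the behaviour described in the message: everything after the
    first special character is lost, so a search for O'Reilly becomes a
    search for "O".
    """
    for i, ch in enumerate(s):
        if ch in SPECIALS:
            return s[:i]
    return s


def url_encode_filter(s: str) -> str:
    """Escape everything but ASCII alphanumerics: space -> '+', other bytes -> '%XX'.

    Operates on the UTF-8 bytes so non-ASCII input survives as a reversible
    %XX run instead of being dropped.
    """
    out = []
    for b in s.encode("utf-8"):
        if b < 0x80 and chr(b).isalnum():
            out.append(chr(b))
        elif b == 0x20:
            out.append("+")
        else:
            out.append("%%%02X" % b)
    return "".join(out)


def url_decode_filter(s: str) -> str:
    """Reverse url_encode_filter so a stored value can be displayed or compared."""
    return unquote_plus(s)


def safe_inside_quoted_literal(s: str) -> bool:
    """True if s contains none of the characters that terminate or escape a
    single- or double-quoted PHP/SQL string literal."""
    return not any(ch in SPECIALS for ch in s)


def compare_filters(user_input: str) -> dict:
    """Run both filters over one input and report what each one preserves."""
    encoded = url_encode_filter(user_input)
    return {
        "truncated": truncate_at_special(user_input),
        "encoded": encoded,
        "round_trip_ok": url_decode_filter(encoded) == user_input,
        "encoded_is_quote_safe": safe_inside_quoted_literal(encoded),
    }


if __name__ == "__main__":
    # Constructed sample search strings; the middle two are mangled by truncation.
    for sample in ["plain text", "O'Reilly \"ssh\"", "a;b\\c", "caf\u00e9"]:
        print(repr(sample), compare_filters(sample))
```

Running the block prints, for each constructed sample, what the truncating filter keeps, the encoded form, whether decoding restores the original, and whether the encoded form is free of quote/backslash/semicolon characters.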