[geeklog-devtalk] geeklog-devel digest, Vol 1 #514 - 4 msgs

geeklog-devel-request at lists.geeklog.net
Thu Feb 24 13:00:02 EST 2005



Today's Topics:

1. Re: COM_applyFilter doesn't accept negative numbers (Vincent Furia)
2. Re: COM_applyFilter doesn't accept negative numbers (Vincent Furia)
3. slashes (/) in comment titles (Vincent Furia)
4. GL2 plugins and $_SERVER['ORIG_PATH_INFO'] (Tony Bibbs)

--__--__--

Message: 1
Date: Wed, 23 Feb 2005 13:50:54 -0500
From: Vincent Furia <vfuria at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
Reply-To: geeklog-devel at lists.geeklog.net

I just committed a change to COM_applyFilter to accept negative
numbers (but still not 'e' notation or decimal numbers).

-Vinny


On Sat, 19 Feb 2005 22:37:09 +0100, Dirk Haun <dirk at haun-online.de> wrote:

> Vinny,
>
> >If you call COM_applyFilter($var, true) you run into a problem if $var
> >is negative. In that case COM_applyFilter will return 0.
>
> Yep, I noticed this myself some time ago. Someone reported that it wasn't
> possible to disable poll comments and it came down to the same problem. I
> actually worked around it in admin/poll.php now.
>
> >Notice the preg_match won't match negative numbers. This is easily
> >fixed
>
> Good catch.
>
> >Is there any problem if we allow numbers like 4e4 to be accepted?
>
> I couldn't see a reason for us to accept large numbers, especially not in
> that notation. Couple that with an unspecified fear of allowing DoS-type
> attacks in some scenarios.
>
> In other words, there's no comprehensible reason and we should probably
> be doing more sanity checks before accepting large numeric values instead.
>
> Which reminds me of an observation from this discussion: <http://
> www.geeklog.net/forum/viewtopic.php?showtopic=48299>. I tried to figure
> out how Geeklog could come up with those SQL errors, and it seems if
> someone tries to post a comment as a reply to a nonexistent comment ID,
> we throw an SQL error. Shouldn't Geeklog catch those?
>
> bye, Dirk
>
> --
> http://www.haun-online.de/
> http://geeklog.info/
>
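
The filter behaviour discussed in this message (negative integers accepted, 'e' notation and decimals rejected, plus the range check Dirk suggests), as an added example that is not part of the original messages and is not Geeklog's COM_applyFilter code. The helper filterInt(), its bounds and the sample inputs are hypothetical.

```php
<?php
// Added illustration; filterInt() is a hypothetical helper,
// not Geeklog's COM_applyFilter().

/**
 * Return $value as an int if it is a plain base-10 integer within
 * [$min, $max]; otherwise return $default.
 */
function filterInt($value, int $min, int $max, int $default = 0): int
{
    // Request parameters can arrive as arrays (?id[]=1); reject anything
    // that is not a string or an int before pattern matching.
    if (!is_string($value) && !is_int($value)) {
        return $default;
    }
    $s = (string) $value;

    // Optional minus sign, then 1-9 digits, so the cast below cannot
    // overflow even a 32-bit int. \A and \z anchor the whole string;
    // a bare "$" would also match before a trailing newline ("12\n").
    if (preg_match('/\A-?[0-9]{1,9}\z/', $s) !== 1) {
        return $default;
    }

    // Sanity check on magnitude: the caller states the range it expects.
    $n = (int) $s;
    return ($n >= $min && $n <= $max) ? $n : $default;
}

// Constructed inputs: what is_numeric() accepts versus the strict filter.
$samples = ['42', '-1', '4e4', '3.14', '0x1A', ' 7', "12\n", '-',
            '99999999999999999999', ['1']];

foreach ($samples as $in) {
    printf(
        "%-26s is_numeric=%-5s filterInt=%d\n",
        json_encode($in),
        var_export(is_numeric($in), true),
        filterInt($in, -1, 1000)   // assumed valid range for this field
    );
}
```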


--__--__--

Message: 2
Date: Wed, 23 Feb 2005 15:06:55 -0500
From: Vincent Furia <vfuria at gmail.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] COM_applyFilter doesn't accept negative numbers
Reply-To: geeklog-devel at lists.geeklog.net

Also,

I have a fix for the SQL errors Dirk mentioned in this thread (see
below). It led me to find some other problems (none serious) with
the comment code. I'll check in fixes for all of this sooner or
later.

-Vinny

On Sat, 19 Feb 2005 22:37:09 +0100, Dirk Haun <dirk at haun-online.de> wrote:

> Which reminds me of an observation from this discussion: <http://
> www.geeklog.net/forum/viewtopic.php?showtopic=48299>. I tried to figure
> out how Geeklog could come up with those SQL errors, and it seems if
> someone tries to post a comment as a reply to a nonexistent comment ID,
> we throw an SQL error. Shouldn't Geeklog catch those?


--__--__--

Message: 3
Date: Wed, 23 Feb 2005 22:31:59 -0500
From: Vincent Furia <vfuria at gmail.com>
To: Geeklog Devel <geeklog-devel at lists.geeklog.net>
Subject: [geeklog-devel] slashes (/) in comment titles
Reply-To: geeklog-devel at lists.geeklog.net

Currently, and since sometime in late 2002/early 2003,
geeklog has been doing an extra stripslashes on things coming out of
the database. Around that time frame we stopped storing the title and
comment in the databases with escaped special characters.

The problem is that if you want a comment with a slash in it ('/') you
currently need to double slash it to get it in the database so that it
shows up correctly. This is a real PITA. So I can fix it. The
problem is how do we fix the pre-2002/2003 comments that still have
escaped special characters? They'll show up when viewing comments
with all their extra slashes displayed. This is rather painful to
see. Of course we can't depend on a date or the contents of the
comments to decide what needs to be stripped and what doesn't (during
an upgrade presumably).

Any ideas on how to handle this? Should we just release the fix code
and tell people to manually fix the really old comments?

-Vinny

P.S. Ready to check these code changes in, just waiting for some
feedback on this issue.

--__--__--

Message: 4
Date: Thu, 24 Feb 2005 08:54:41 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: Geeklog-Devel <geeklog-devel at lists.geeklog.net>
Subject: [geeklog-devel] GL2 plugins and $_SERVER['ORIG_PATH_INFO']
Reply-To: geeklog-devel at lists.geeklog.net

I have begun implementing one of the GL2 plugins and getting the
appropriate framework in place. I have it so that plugins can live
happily in one folder in /path/to/geeklog-2/plugins making upgrades, etc.
very easy. However, I'm using $_SERVER['ORIG_PATH_INFO'] to get
information on the plugin to call. Thus:

http://www.example.com/index.php/links

would have $_SERVER['ORIG_PATH_INFO'] = '/links';

This isn't unlike what 1.3.x is doing today. So my obvious question is
will this work with PHP5 running under IIS?

I don't have the environment to test that out. Does someone else? If
so I can give you a simple PHP5 script to exercise this. Next question
is, if it doesn't work under IIS, do we care? I'm inclined to say yes
but figured I'd bring it up one last time.

--Tony
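
One way to turn the path info described in this message into a plugin name while treating it as untrusted request data, as an added example that is not part of the original message and is not GL2 code. The function resolvePlugin(), the fallback to PATH_INFO, the name syntax and the plugin list are assumptions.

```php
<?php
// Added illustration, not GL2 code. resolvePlugin() and the plugin
// names below are hypothetical.

/**
 * Map the path info of a request such as /index.php/links to the name
 * of an installed plugin, or return null if it does not name one.
 */
function resolvePlugin(array $server, array $installed): ?string
{
    // Which variable is populated depends on the SAPI and web server,
    // so check both. Either way the value comes from the request URL.
    $raw = $server['ORIG_PATH_INFO'] ?? $server['PATH_INFO'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null;
    }

    // Only the first path segment selects the plugin:
    // "/links/view/3" -> "links".
    $segment = explode('/', ltrim($raw, '/'), 2)[0];

    // Strict name syntax keeps "..", backslashes, NUL bytes and encoded
    // separators out of any path later built under the plugins folder.
    if (preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $segment) !== 1) {
        return null;
    }

    // Allowlist: the name must be a plugin that is actually installed.
    return in_array($segment, $installed, true) ? $segment : null;
}

$installed = ['links', 'polls', 'calendar'];   // constructed plugin list

// Constructed $_SERVER fragments, valid and invalid.
$requests = [
    ['ORIG_PATH_INFO' => '/links'],
    ['PATH_INFO'      => '/polls/view/3'],
    ['ORIG_PATH_INFO' => '/../../etc/passwd'],
    ['ORIG_PATH_INFO' => '/links%2f..'],
    ['ORIG_PATH_INFO' => '/unknown'],
    [],
];
foreach ($requests as $srv) {
    printf("%-42s => %s\n",
        json_encode($srv, JSON_UNESCAPED_SLASHES),
        var_export(resolvePlugin($srv, $installed), true));
}
```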


--__--__--

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel

