[geeklog-devtalk] geeklog-devel digest, Vol 1 #474 - 2 msgs
geeklog-devel-request at lists.geeklog.net
Wed Jan 5 13:00:01 EST 2005
Today's Topics:
1. Re: Filtering in GL2 (Tony Bibbs)
2. GL2 and site relationships (Tony Bibbs)
--__--__--
Message: 1
Date: Tue, 04 Jan 2005 13:45:06 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Filtering in GL2
Reply-To: geeklog-devel at lists.geeklog.net
Blaine, looks good. I have already ported kses to PHP5 and started the
PHP5 port of your class. So far my only comment is that you should
remove the use of global variables and, instead, send them as options
into your constructor:

class sanitize {
    function sanitize($options)
    {
        $this->censorMode = $options['censorMode'];
        ...
    }
}

That way the class isn't GL specific (i.e. to need to use "global $_CONF").
--Tony
Blaine Lang wrote:
>Update: I have just submitted to the 1.3.x CVS my initial version of this
>new class for review.
>I've done some initial testing but not all functions and it's working and
>shows the direction of this work-in-process.
>
>I think the function names and such can still be cleaned up and I don't
>have all the functions created yet.
>
>Let me know if you have any comments once it's approved for your review.
>
>Blaine
>----- Original Message -----
>From: "Blaine Lang" <geeklog at langfamily.ca>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Sunday, January 02, 2005 1:52 PM
>Subject: Re: [geeklog-devel] Filtering in GL2
>
>
>I wanted to send out an update on this and what I am thinking right now.
>I've been looking at other projects and how we do the current filtering and
>sanitizing of variables and have the following summary of requirements.
>
>This is a generic list and some functions are now handled by the GL2 DB
>Extraction layer but I am thinking we develop this new class and introduce
>it in GL 1.3.X as well.
>
>We have several requirements
>1: Sanitize and filter incoming data variables and remove any potentially
>hostile data
> - Javascript, SQL Injections
> - sanitize numeric id's
>2: Filter data that is not allowed
> - Javascript, HTML tags not allowed
> - Censor
>3: Prepare data for SQL inserts
> - Create clickable links
> - Validate Email and URL links
> - Handle quotes (addslashes if necessary)
> - SPAM Filter
>4: Prepare data for display
> - Convert HTML entities, Newlines to <br /> tags, BBcode like [code] and
>[quote], autotags
> - stripslashes
> - Create crawler friendly links
>5: Prepare data for edit
> - Convert HTML that was added for [code] back to BBcode tag for easier
>editing
> - remove extra <br /> tags but not within [code] tags
>
>A lot of what we need is already in the KSES class and our other COM
>functions.
>The KSES Class can be extended to create the missing functions and then
>document the best practices.
>
>Please review and let me know if you agree with this approach.
>
>----- Original Message -----
>From: "Tony Bibbs" <tony at tonybibbs.com>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Monday, December 20, 2004 5:17 PM
>Subject: Re: [geeklog-devel] Filtering in GL2
>
>
>Blaine,
>
>Any ETA on when you might get a draft of the class put together? If it
>will be a while, let me know and I can take a stab at it.
>
>--Tony
>
>Blaine Lang wrote:
>
>
>
>>In addition, there is much more code inside the app that is adding or
>>stripping.
>>These have been added over time to address common needs but a major task to
>>replace and consolidate the core GL 1.3 codebase.
>>
>>Still, it would be good to create a new OO based class and start to use it
>>and slowly migrate scripts.
>>The 1.3.x platform and plugins could be used to test such a new common
>>class.
>>
>>I'd like to get more input but would be willing to take the lead on
>>developing this.
>>
>>
>>
>>
>>
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-devel
>
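
Added example (not part of the original messages and not Geeklog's code): a PHP sketch of the design discussed in this thread, a filter class that receives its settings through the constructor instead of "global $_CONF" and covers three of the listed requirements (numeric ids, censoring, preparing data for display). The class name, the method names and the 'censorList' option are assumptions made for illustration.

```php
<?php
// Added illustration: all names other than 'censorMode' are hypothetical.
class ExampleSanitizer
{
    private $censorMode;
    private $censorList;

    public function __construct(array $options = array())
    {
        // All settings arrive here, so the class never reads "global $_CONF".
        $this->censorMode = !empty($options['censorMode']);
        $this->censorList = isset($options['censorList']) ? $options['censorList'] : array();
    }

    // Requirement 1: accept a numeric id only if it is nothing but digits.
    // \z (not $) is used so that a trailing newline is rejected as well.
    public function numericId($value, $default = 0)
    {
        $ok = (is_string($value) || is_int($value)) && preg_match('/^\d{1,9}\z/', (string) $value);
        return $ok ? (int) $value : $default;
    }

    // Requirement 2: replace listed words (whole word, case-insensitive).
    public function censor($text)
    {
        if (!$this->censorMode || !$this->censorList) {
            return $text;
        }
        $words = array_map(function ($w) { return preg_quote($w, '/'); }, $this->censorList);
        return preg_replace('/\b(' . implode('|', $words) . ')\b/i', '*censored*', $text);
    }

    // Requirement 4: escape for display; newlines become <br /> except inside [code].
    public function forDisplay($text)
    {
        $parts = preg_split('/(\[code\].*?\[\/code\])/is', $this->censor($text), -1, PREG_SPLIT_DELIM_CAPTURE);
        $out = '';
        foreach ($parts as $i => $part) {
            if ($i % 2 === 1) { // odd indexes hold the captured [code]...[/code] blocks
                $out .= '<pre>' . htmlspecialchars(substr($part, 6, -7), ENT_QUOTES, 'UTF-8') . '</pre>';
            } else {
                $out .= nl2br(htmlspecialchars($part, ENT_QUOTES, 'UTF-8'));
            }
        }
        return $out;
    }
}
// Constructed sample input: a non-numeric id and a post containing markup and a [code] block.
$s = new ExampleSanitizer(array('censorMode' => true, 'censorList' => array('darn')));
echo $s->numericId('7 OR 1=1'), "\n", $s->forDisplay("Darn <b>x</b>\n[code]a\nb[/code]"), "\n";
```

Because escaping happens in forDisplay() rather than on input, the stored text stays unmodified and the same value can later be prepared differently for edit or for SQL.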
--__--__--
Message: 2
Date: Wed, 05 Jan 2005 11:04:37 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: [geeklog-devel] GL2 and site relationships
Reply-To: geeklog-devel at lists.geeklog.net
One thing missing from the current GL2 data model is the ability to run
multiple sites under one database. These sites may, or may not, have a
relationship of some sort. This definitely needs to be added. I wanted
to quickly describe this and how I am proposing to solve this.

Organizations, particularly businesses, would want to use a CMS like GL2
allowing each entity in their table of organization to have their own
site. These relationships can be in three different modes:

1) Independent. They share the same database but have no relationship
between them. As such they effectively act as their own independent GL2
site

2) Peer-to-Peer. You may have two GL2 sites with different but related
content. This model would allow one site to magically 'submit' items
that can be included on the other site given that site administrator
wants it.

3) Affinities. This covers the scenario I alluded to where you have a
number of GL2 sites that are related to one another. There will always
be a top level 'master' who can create affinities under them who can
control their own content but are subjected to content changes the
'master' feels is appropriate to them.

My first question is do we still want to support this sort of
functionality? Doing so would complicate overall administration but we
could probably hide that complexity if, at installation, we knew the
admin didn't care to run more than one GL2 site in the single database.

--Tony
--__--__--
End of geeklog-devel Digest