#100 strange "disallowed" - regexp error

closed-fixed
nobody
Parser (2)
5
2012-02-03
2004-09-14
rodrigo moraes
No

try to post something like ^<%.*?)%@#!

You get a "Disallowed" message inside your item. Is
this an expected behavior?

first reported here:
http://forum.nucleuscms.org/viewtopic.php?t=4679

moraes

Discussion

    • labels: --> Parser
     
  • Logged In: YES
    user_id=315939

    This is caused because the item text is sent through the
    parser as well, with "popup", "image" and "media" as only
    allowed tags.

    Which means any of these sequences will cause 'disallowed'
    errors

    <% ... %>
    <% ... <%
    %> ... <%
    %> ... %>

    We might need to have a special parser where the literal
    content is sent to the output instead of DISALLOWED

     
  • Logged In: YES
    user_id=653766

    It is caused by the <% part of tha sequence of characters.
    Maybe Nucleus can detect the fact that the <% or %> is used
    but that they are surrounded by non-alphabetical characters,
    and provide a more informative warning?

    Just my $0.02

     
  • rodrigo moraes
    rodrigo moraes
    2004-09-16

    Logged In: YES
    user_id=860265

    Currently I'm using the tag <%pagebreak(Title)%> to break
    items in multiple pages with NP_PageBreak. It seems I should
    change the plugin tag in future versions. Maybe
    <!pagebreak(Title)!>... Can you give an advice about this?
    The plugin is going to 1.0...

     
  • Logged In: YES
    user_id=315939

    @moraes: By taking a quick look at it (v0.7), the
    NP_PageBreak plugin appears to subscribe to the PreItem
    event and selecting the page to display there. Don't thing
    this will be a problem since the item text actually being
    parsed will be freed of <%NP_Pagebreak%>

    What I would change in the parse is as follows: any allowed
    actions (popup, image, media and anything else defined in
    the BLOG::highlightAndParse method) will still be allowed.
    The parse action will run in a special mode that doesn't
    display the DISALLOWED warnings

     
  • Frank Truscott
    Frank Truscott
    2012-02-03

    No longer valid. fixed in subsequent release

     
  • Frank Truscott
    Frank Truscott
    2012-02-03

    • status: open --> closed-fixed