Re: [Phpslash-devel] stripBadHTML bug - well kinda

[Mike G. <mi...@op...>]

Hello Luis,

On Mon, 2003-07-21 at 11:49, Luis M wrote:
> >    $str = eregi_replace("<a([^>]*)href=\"?([^\"]*)[\"|>]?([^>]*)>",
> >                          "<a href=\\2>", $str);
> >But I haven't gotten it to work just right...
> maybe:
> $str = eregi_replace("<a([^>]*)href=\"?([^\"]*)\"*([^>]*)>",
>                            "<a href=\\2>", $str);

Your solution worked just fine!  Thanks...

> To match 0 or more times the double quote. Note that this regex would fail 
> misserably if people use single quotes also:
> < a href = ' this is valid html ' >
> < a href = ' this is not valid >

Hmm..  That's annoying (to quote my 2 year old).

> In fact, the regex is not even checking for it...

It's only used in the comment section of phpSlash, so its less likey to
be hit on..  

> >I know this isn't something that many folks are likely to do, but for
> >this type of interface it's good to correct simple typos if you can..
> Better yet is to move away from this system and do a simplify interface for 
> composing messages/stories, etc... I heard a lot of noise about this some 
> time ago here in the -devel list. I hope somebody is working on it.

If you want a wiki interface or WYSIWYG interface..  We've incorporated
those both in Back-end..  They are both available for grabbing,
improving, modifying, etc.. 

> In fact, since phpslash project is GPL'ed and other GPL'ed projects already 
> have this functionality, maybe we should just copy and paste this code from 
> them. phpBB is the best I have seen so far. Allowing users to do simle 
> things as:

There must be a class to do phpBB type formatting out there..  

> [link=this is a URL] text to be linked[/link]
> or just [link=http:server] which also becomes a link showing the URL as the 
> text to be clicked.
> And a lot of nice mnemonics like "[b]" for "bold", "[i]" for "italics" and 
> so on, which may or may not match their HTML counter parts < B > and < I > 
> respectively. It's very awkward for people relatively new to the web and 
> HTML to know how to use HTML tags properly.

Yup..  Both for adding the main content to the site as well as the
comments..

> In addition, while we are at it, I know php coders don't like to use 
> client-side scripting languages, but, as an alternative, a 
> javascript/orwhateverotherstandardscript, template could be provided to 
> replace the standard non-javascript ones found in the "basic" and "default" 
> directories. Something that gives users a way of clicking on a button that 
> adds the tags mentioned about for them: B I Link and others.

I was looking around for some dropdown code for a client and was shocked
at how foreign the idea of gpl is in the javascript world..  Found one
good one:
	http://freshmeat.net/projects/dommenu/	

but unless you're going to write the javascript code from scratch, it
becomes trickier to distribute it under the GPL.

> We should learn from phpBB and similar projects about the ease of use they 
> provide to new users and the simplicity for instalation (phpBB installs with 
> one click after knowing the username, password and database to use). Just 
> ideas for the next realeas ;-) Joe?

We've got a basic config script we've set up for BE..  It works, but
need to do more to test it.  It's in the Back-End CVS

config_setup.ini.php & config_setup.php

It uses the existing mysql tables (so as long as there's a slash_all.sql
file that works, it should be able to upload it).  It also writes to the
config.ini.php, but you have to make sure that the permissions are set
properly there so that apache has write permissions..

I don't think this is a security problem if there is a warning that pops
up when folks log in to let them know that the config.ini.php still has
write permission & that these files still exist and need to be deleted:
	config_setup.ini.php & config_setup.php	

Mike
-- 
Mike Gifford, OpenConcept Consulting
Free Software for Social Change -> http://www.openconcept.ca
Site Launch - Make Every Vote Count - http://www.fairvotecanada.org
The cruelest lies are often told in silence. -- Robert L Stevenson