From: Alessandro P. (T. / J578) <al...@ti...> - 2002-02-11 17:50:39
Hi all :>

This email contains info about the new check_html() function and other bugfixes I committed during the weekend; some of them could also be interesting for module developers: see below.

Features and improvements of the new check_html():

- now relies on PHP strip_tags() [this fixes the "more than 10 qualifiers in one tag" potential bug in the previous implementation]
- the distinction between "tag only" and "tag and qualifiers" mode has been dropped: this fixes a lot of stripping bugs which plagued previous versions. (this change had also been asked for by a large number of users)
- stripping of <% %> (PHP ASP-style tags) for better security
- code is now compact and more readable
- tags syntax auto-checking and auto-repair:

    "< tag>"    -> "<tag>"
    "< / tag>"  -> "</tag>"
    "<tag >"    -> "<tag>"
    "<tag / >"  -> "<tag />"
    "</tag />"  -> "</tag>"   (for tags with name<=4 chars)
    "</tag />"  -> "<tag />"  (for tags with name>=5 chars)

  since this is based on regexp(s), all the combinations of the above are also fixed. Please note that indeed the last 2 transformations might be wrong in some cases, but those simple rules will work for the most frequent situations.
- the <script> tag is allowed only in pages being edited by an admin. It is also NEVER allowed in a comment (even if posted by an admin); this improves security.

Previous check_html() code is still in place, wrapped in a /* */ comment for safety's sake.

I also committed an "emergency" new option in the Admin->Configuration subpanel which restores the default mainpage in case someone messed it up.

Then, during the weekend I also silently committed a set of bug-fixes:

- fixed a bug which prevented Mozilla 0.9.8 and IE6 from correctly dealing with the header("Location: ..."); command. Even if this had been previously addressed by the introduction of the new html_header_location() function, a fix to it was needed. For those interested in details, the header(); function MUST always be followed by exit; to be executed. This has also been applied to the large number of index.php files phpWS has in its source tree.
- fixed a bug which prevented articles from being posted even when empty, both from users and admins.

More candies to come :>

Bye!
Alessandro

--
Alessandro "TXM" Pisani - al...@ti... - ICQ #2209087
phpWebSite Development Team http://phpwebsite.appstate.edu
INWO Project coordinator http://inwoproject.sourceforge.net
"I will carry you through, kicking and screaming, and in the end you will thank me" - Tyler Durden [from "Fight Club"]
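
A sketch of the pipeline the message describes (strip <% %>, repair tag syntax with regexps, then strip_tags() with <script> allowed only on admin-edited pages), added here as an example and not taken from the mail or from phpWebSite's source. The function names, the allowlist and the sample input are assumptions.

```php
<?php
// Added example; function names and the allowlist are hypothetical.

// Regexp repairs from the list in the message, applied in order.
function repair_tag_syntax(string $html): string
{
    $rules = [
        '/<\s+/'               => '<',      // "< tag>"   -> "<tag>"
        '/<\/\s+/'             => '</',     // "</ tag>"  -> "</tag>"
        '/(<[^<>]*?)\s+>/'     => '$1>',    // "<tag >" -> "<tag>", "<tag / >" -> "<tag />"
        '/<\/(\w{1,4})\s*\/>/' => '</$1>',  // "</tag />" -> "</tag>"  (name <= 4 chars)
        '/<\/(\w{5,})\s*\/>/'  => '<$1 />', // "</tag />" -> "<tag />" (name >= 5 chars)
    ];
    return (string) preg_replace(array_keys($rules), array_values($rules), $html);
}

function check_html_sketch(string $html, bool $isAdmin, bool $isComment): string
{
    // Drop ASP-style <% ... %> blocks before anything else looks at the markup.
    $html = (string) preg_replace('/<%.*?%>/s', '', $html);
    $html = repair_tag_syntax($html);

    $allowed = ['b', 'i', 'a', 'p', 'br'];   // constructed allowlist
    // <script> only for admin-edited pages, never for comments.
    if ($isAdmin && !$isComment) {
        $allowed[] = 'script';
    }
    return strip_tags($html, '<' . implode('><', $allowed) . '>');
}

// Constructed sample input covering each repair rule.
$sample = '< b >bold</ b > <table / ></table /></br /><% x %>< script >x()</ script >';

echo check_html_sketch($sample, false, true), "\n";   // user comment
echo check_html_sketch($sample, true, true), "\n";    // admin comment: still no <script>
echo check_html_sketch($sample, true, false), "\n";   // admin-edited page
```

strip_tags() keeps the attributes of any tag on the allowlist, so an allowlist alone does not remove event-handler attributes such as onclick from permitted tags.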