Hi all :>
This email contains info about the new check_html() function and other
bugfixes I committed during the weekend: some of them could be
interesting also for module developers: see below.
Features and improvements of the new check_html():
- now relies on PHP strip_tags() [this fixes the "more than 10
qualifiers in one tag" potential bug in the previous implementation]
- the distinction between "tag only" and "tag and qualifiers" mode has
been dropped: this fixes a lot of stripping bugs which plagued previous
versions. (this change had also been requested by a large number of users)
- stripping of <% %> (PHP ASP-style tags) for better security
- code is now compact and more readable
- tags syntax auto-checking and auto-repair:
"< tag>" -> "<tag>"
"< / tag>" -> "</tag>"
"<tag >" -> "<tag>"
"<tag / >" -> "<tag />"
"</tag />" -> "</tag>" (for tags with name<=4 chars)
"</tag />" -> "<tag />" (for tags with name>=5 chars)
since this is based on regexp(s), also all the combinations of the
above are fixed.
Please note that indeed the last 2 transformations might be wrong in
some cases, but these simple rules will work for the most frequent
situations.
- the <script> tag is allowed only in pages being edited by an admin.
it is also NEVER allowed in a comment (even if posted by an admin)
this improves security.
Previous check_html() code is still in place, wrapped in a /* */ comment
for safety's sake.
I also committed an "emergency" new option in the Admin->Configuration
subpanel which restores the default mainpage in case someone messed it
up.
Then, during the weekend I also silently committed a set of bug-fixes:
- fixed a bug which prevented Mozilla 0.9.8 and IE6 from correctly dealing
with the header("Location: ..."); command.
Even if this had been previously addressed by the introduction of the new
html_header_location() function, a fix to it was needed.
For those interested in details, the header(); function MUST
always be followed by exit; to be executed. This has also been applied
to the large number of index.php files phpWS has in its source tree.
- fixed a bug which prevented articles from being posted even when empty,
both from users and admins.
More candies to come :>
Bye!
Alessandro
--
Alessandro "TXM" Pisani - al...@ti... - ICQ #2209087
phpWebSite Development Team http://phpwebsite.appstate.edu
INWO Project coordinator http://inwoproject.sourceforge.net
"I will carry you through, kicking and screaming,
and in the end you will thank me"
- Tyler Durden [from "Fight Club"]
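
The pipeline described in the message above (strip <% %> blocks, repair tag syntax, then allow-list with strip_tags(), with <script> kept only for admin-edited pages and never for comments), as an added example that is not part of the original email and not phpWebSite's own code. The function names, the allow-list and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration; not phpWebSite's check_html(). All names are hypothetical.

// Normalise one matched tag according to the repair rules listed in the email.
function repair_one_tag(array $m): string
{
    $closing = ($m[1] === '/');
    $name    = $m[2];
    $rest    = trim($m[3]);
    $selfClosing = (substr($rest, -1) === '/');
    if ($selfClosing) {
        $rest = rtrim(substr($rest, 0, -1));
    }
    if ($closing && $selfClosing) {
        // Ambiguous "</tag />": short names become closing tags, long ones self-closing.
        return strlen($name) <= 4 ? "</$name>" : "<$name />";
    }
    if ($closing) {
        return "</$name>";
    }
    $attrs = ($rest === '') ? '' : ' ' . $rest;
    return "<$name$attrs" . ($selfClosing ? ' />' : '>');
}

function check_html_sketch(string $html, bool $isAdmin, bool $isComment): string
{
    // Drop ASP-style <% ... %> blocks before anything else.
    $html = preg_replace('/<%.*?%>/s', '', $html);
    // Repair spacing and slash placement inside anything shaped like a tag.
    $html = preg_replace_callback(
        '#<\s*(/?)\s*([a-z][a-z0-9]*)\b([^<>]*)>#i', 'repair_one_tag', $html);
    $allowed = '<b><i><a><p><br>';            // constructed allow-list
    if ($isAdmin && !$isComment) {
        $allowed .= '<script>';               // admin-edited pages only, never comments
    }
    return strip_tags($html, $allowed);
}

// Constructed sample input exercising the repair rules and the <script> policy.
$sample = '< b >bold< / b ><br / ><% x %><script>f()</script>';
echo check_html_sketch($sample, false, false), "\n"; // ordinary user page
echo check_html_sketch($sample, true, true), "\n";   // admin posting a comment
echo check_html_sketch($sample, true, false), "\n";  // admin editing a page
```

strip_tags() leaves the attributes of allowed tags untouched, so an allow-list of tag names alone does not remove event-handler attributes or unwanted URL schemes; those need a separate attribute filter.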