[PHP-DOC] FW: [PHP-DEV] PHP 4.0 Bug #8095 Updated: Documentation text is hard to decifer
From: James Moore (jmoore <email protected>)
Date: 12/15/00

> -----Original Message-----
> From: jmoore <email protected> [mailto:jmoore <email protected>]
> Sent: 15 December 2000 23:50
> To: php-dev <email protected>
> Subject: [PHP-DEV] PHP 4.0 Bug #8095 Updated: Documentation text is hard
> to decifer
>
>
> ID: 8095
> Updated by: jmoore
> Reported By: grant_mjtr <email protected>
> Old-Status: Open
> Status: Analyzed
> Bug Type: Documentation problem
> Assigned To:
> Comments:
>
> The problem we have here is avoiding people possibly using HTML
> maliciously and also making the manual notes readable. Maybe we
> need to use nl2br() and then get rid of the <pre> and only allow
> the use of < when either on its own, or followed by a ? or =. This
> would solve the problem of malicious HTML being inserted into the
> notes. Another option is also to convert \t into &nbsp;. What do
> others think of this? A regex to test entries going into the
> database and also all current entries coming out of the database
> shouldn't be too hard to construct, but I agree &lt; and &gt; in
> the notes is ugly. What do others think about this as an option,
> can you see any problems with this? Or allow < in code and
> convert it to &lt; and &gt; and then convert back the ones we can
> verify to be right... I'm just not sure about how to handle them
> in comparisons, because both < Script> is valid but not easy to
> catch, as if($testvar < Script) { is also valid. Can anyone
> come up with a good solution??
>
> Previous Comments:
> ---------------------------------------------------------------------------
>
> [2000-12-04 10:19:26] grant_mjtr <email protected>
> Some of the comments added seem to generate html codes for some
> of the symbols for example line 2 below taken from the variable page:
>
> <PRE>
> &lt;?
> $A = 1;
>
> I assume that &lt; is in fact the < symbol. If you are a newbie
> to html and php as I am, this makes some of the comments difficult
> to follow. I do code in c, c++ and java so have a fair idea of
> what I want to know how to do, it's just difficult to read.
>
> Hope you can sort this out at some point as I have been using the
> manual quite extensively.
>
> Thanks
>
> Michelle Richardson
>
> ---------------------------------------------------------------------------
>
>
> Full Bug description available at: http://bugs.php.net/?id=8095
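
One way to sidestep the pattern-matching problem raised in the comment above is to store notes as plain text and escape every character once, at output time, so that a comparison like `if($testvar < Script) {` and an actual tag both display as typed. This is an added PHP example, not code from the message or from php.net; `render_note()` and the sample notes are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: render a stored user note as inert HTML.
// render_note() and the sample notes are hypothetical, not php.net code.
function render_note(string $raw): string
{
    // Escape once, at output time. Every '<', '>', '&' and quote becomes
    // an entity, so the browser displays the characters and parses no tags.
    $html = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Keep code indentation readable without <pre>: tabs to four &nbsp;.
    $html = str_replace("\t", str_repeat('&nbsp;', 4), $html);

    // Line breaks last: nl2br() inserts <br /> tags, which must not be escaped.
    return nl2br($html);
}

// Constructed sample notes covering the cases raised in the thread.
$notes = [
    "<?\n\$A = 1;",
    "if (\$testvar < Script) {\n\techo 'less';\n}",
    "< Script>document.title = 'x'</script>",
];

foreach ($notes as $note) {
    $out = render_note($note);
    // No raw '<' survives except the <br /> tags added by nl2br().
    assert(strpos(str_replace('<br />', '', $out), '<') === false);
    echo $out, "\n\n";
}

// Escaping an already escaped note turns '&lt;' into '&amp;lt;', which
// the browser shows as the literal text "&lt;".
assert(render_note(htmlspecialchars('<?')) === '&amp;lt;?');
```

Because the stored text is never rewritten, no regex has to decide which `<` characters are legitimate, and changing the rendering later does not require migrating existing notes.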