On Mon, 2005-07-25 at 23:40 +0000, Dave Foster wrote:
> On Mon, 2005-07-25 at 22:54 +0100, Thomas Wood wrote:
> > > Specifically, the things I'm talking about:
> > > - Comments still have slashes at quotes
> >
> > This I've been struggling with for some time. The input should all be
> > checked firstly to see if magic quotes is on, and only if it isn't then
> > add slashes.
>
> Yep, I agree... I was only originally speaking about it from the display
> perspective, as you can see the \"s right now on the site. It appears
> that in html_parse_text in includes/common.inc.php, you could put a
> stripslashes somewhere in there. This may solve it popping up in a
> number of places, not just comments. Of course, this may cause
> problems... probably worth testing or something :)

So you suggest stripping all $_GET and $_POST vars on page load? This would work, but also means that the mysql queries need to be checked to prevent attacks.

> I actually filed a bug before I got your response, not sure if it was
> needed but I recorded it anyway. Here is the link:
> http://bugzilla.gnome.org/show_bug.cgi?id=311537

The specific problem with comments should be fixed. I have posted a patch for the last bug related to comments (was a dynamic login problem). But there are still problems in account.php. I have even seen a user with a \' in the user name, but don't recall exactly where it was.

> It's definitely useful to have Next and Previous links, maybe using the
> full text, "next/prev", or "<- prev" and "next ->" would be a decent
> solution.
>
> One thing I've done in the past, when dealing with a number of pages of
> items, is to have a box in the middle of the page navigation, that lets
> you enter a page number with a little go submit box. It's moderately
> compact, but may not be the best solution. Maybe something that shows
> you like 3 pages forward and 3 pages backward from your current page,
> and ignores the rest? Many forums do something similar.

Yeah, something like this would be a good idea.

Benjamin
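The trade-off discussed in this thread (undo magic quotes once at the input boundary, then leave quoting to the query layer) modelled as an added example; it is not code from the project or from any poster. It is written in Python with simplified stand-ins for PHP's `addslashes`/`stripslashes` and SQLite in place of MySQL, and all function names and sample strings are constructed assumptions.

```python
import sqlite3

def addslashes(s):
    # Simplified stand-in for PHP addslashes(): escape backslash and both quotes.
    return "".join("\\" + c if c in "\\'\"" else c for c in s)

def stripslashes(s):
    # Simplified stand-in for PHP stripslashes(): remove one escape level.
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\":
            i += 1                # drop the escaping backslash
            if i == len(s):
                break             # lone trailing backslash
        out.append(s[i])          # keep the character it protected
        i += 1
    return "".join(out)

def normalize_request(params, magic_quotes_on):
    # Undo magic quotes once, at the input boundary, and only if it ran.
    if not magic_quotes_on:
        return dict(params)       # stripping here would eat real backslashes
    return {k: stripslashes(v) for k, v in params.items()}

def store_and_fetch(body):
    # Round-trip a comment through a parameterized query: the driver binds
    # the value as data, so no manual slash-adding is needed for the query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (body TEXT)")
    db.execute("INSERT INTO comments (body) VALUES (?)", (body,))
    return db.execute("SELECT body FROM comments").fetchone()[0]

# Constructed sample: what a user typed, and what arrives with magic quotes on.
TYPED = 'Nice "theme", isn\'t it? -- O\'Brien'
ON_WIRE = addslashes(TYPED)

def demo():
    raw = store_and_fetch(ON_WIRE)    # the display bug: slashes stored as data
    clean = store_and_fetch(normalize_request({"c": ON_WIRE}, True)["c"])
    return raw, clean

if __name__ == "__main__":
    raw, clean = demo()
    print("stored without normalizing:", raw)
    print("stored after normalizing:  ", clean)
```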