|
|
Post by petefinnigan on Oct 4, 2007 2:28:06 GMT -5
Hi guys,
I got an email from someone who had commented on my blog and who had supplied an email address and not a home page, therefore his email address was shown as a link next to his post. he emailed me to ask if i could remove or change his email address as he didnt want it to be harvested. I went to the post and to edit the said comment. I changed the email address to blank@blank.com and i got the standard "we dont take kindly to that sort of thing here" message.
I haven't looked at the code to see why it occured yet, no time, sorry, i will try and look later but i wanted to make sure its captured for fixing. I fixed the issue for now by editing the .cgi file and the .htm file with vi on the server.
cheers
Pete
|
|
|
|
Post by coldstone on Oct 4, 2007 17:06:57 GMT -5
Hmm, not good. I wonder if its the @? I will look into this asap.
|
|
|
|
Post by petefinnigan on Oct 5, 2007 8:13:44 GMT -5
Thanks Coldstone,
cheers
Pete
|
|
|
|
Post by coldstone on Oct 7, 2007 20:21:30 GMT -5
I can't recreate this in my local development environment. I was wondering if you could post a link to the page with this comment? I was able to edit a comment with an email address (1.7.3) and with a comment with spaces.
|
|
|
|
Post by petefinnigan on Oct 8, 2007 7:08:31 GMT -5
Hi Coldstone, it could be that the issue is not related to the @ symbol as i have just realised that the comment includes some code with single quotes. The blog entry in question is www.petefinnigan.com/weblog/archives/00001096.htm and its the comment by Niels. I edited his email address in vi so its no longer the same. He was obviously able to post the comment in the first place without error so it is related to the differences between comment posting and entry editing. thanks for your help cheers Pete |
|
|
|
Post by coldstone on Oct 9, 2007 23:25:32 GMT -5
It was the quote marks. They were gettting turned into "& quot;" and then on editing turned into "|AMP|quot;". The malicious code bell sounds on the pipe character.
This is another todo of mine, to determine why greymatter is so touchy about ampersands. I believe it is a legacy issue, but its something I have to investigate. Eventually we won't need to modify those when saving.
This has been fixed for 1.7.4.
|
|
|
|
Post by petefinnigan on Oct 10, 2007 4:29:28 GMT -5
Hi Coldstone, Thanks very much for your reponse. I had the same issue again yesterday with a new blog entry but slightly different vector. I added blog entry www.petefinnigan.com/weblog/archives/00001103.htm yesterday and then realised that the yellow boxes with code in them caused the page to be destroyed as they tried to go right across the screen. I tried to edit the entry but the save failed and I had to resort to vi again. I suspect this is the same issue as my code has quotes in it. Also out of interest if you look at both yellow boxes in my blog post and see the emoticon added by GM - the actual text should be whats in the textpad screen dumps directly below the yellow boxes. Can you add this as an issue? - it would be nice to not have code changed into emoticons. glad you found the issue, thanks again cheers Pete |
|
|
|
Post by coldstone on Oct 10, 2007 13:52:56 GMT -5
Not sure how this would be resolved. We would probably need some sort of < code > < /code > tag that was honored by Gm. Did you have any suggestions?
On the other side though, you could edit the entry to not use emoticons, and then it will not interpolate the smiley characters such as ': )' into emoticons (but will leave the comment smileys there).
|
|
|
|
Post by petefinnigan on Oct 11, 2007 14:30:13 GMT -5
Hi Coldstone,
Thanks for your reply. Yes I thought of turning off emoticons but that would not satisfy the case where you want to include code that is not "emoticonised" and also use emoticons, so maybe a code such a <code> ... </code> would work, although we should not simply use <code> as its valid tag already in xhtml.
cheers
Pete
|
|
|
|
Post by coldstone on Oct 12, 2007 16:37:46 GMT -5
True. I forgot about that. I was wondering if we should invent a gm specific one, or make a note that stuff inside < code > won't be translated? I hate to create gm specific stuff, but on the other hand, now the < code > tag may not work as people expect (if they expect emoticons inside a code block that is).
Now that I think about it though, I would be frustrated if text inside < pre > or < code > tags was turned into emoticons or formatting (__, //, **). Seems like any c-code with a pointer might get mangled by GM.
|
|
|
|
Post by petefinnigan on Oct 18, 2007 4:04:07 GMT -5
exactly, the issue is more complex if someone enters code without <code> or <pre> - for instance i added code in a table and set the font and back colour.
I think the way forward is to use <code> and get GM to not emoticonise between <code> tags. we should also update the entry page to make people aware of this.
cheers
Pete
|
|
|
|
Post by coldstone on Oct 18, 2007 17:33:58 GMT -5
Cool. And by using < code >, it will have the benefit of being able to do css for it without changing the output just code { ... } in the style sheet.
|
|
|
|
Post by petefinnigan on Oct 19, 2007 2:34:22 GMT -5
Exactly, Thanks for your update Coldstone. How easy is to to modify the code to not emoticonise between <code> tags?
cheers
Pete
|
|
|
|
Post by coldstone on Oct 19, 2007 22:54:48 GMT -5
Not sure, I'll probably have to do a regex to replace the < code > to < /code > block with a place holder, do the emoticons, formating, then replace the code block back for the placeholder. The tricky part is that the emoticon replace code has yet to be generisized and is repeated 4 times at least. Something to tackle while I am in there  |
|
