Post by petefinnigan on Oct 4, 2007 2:28:06 GMT -5
I got an email from someone who had commented on my blog and who had supplied an email address and not a home page; therefore his email address was shown as a link next to his post. He emailed me to ask if I could remove or change his email address as he didn't want it to be harvested. I went to the post to edit the said comment. I changed the email address to firstname.lastname@example.org and I got the standard "we don't take kindly to that sort of thing here" message.
I haven't looked at the code to see why it occurred yet, no time, sorry. I will try and look later but I wanted to make sure it's captured for fixing. I fixed the issue for now by editing the .cgi file and the .htm file with vi on the server.
I can't recreate this in my local development environment. I was wondering if you could post a link to the page with this comment? I was able to edit a comment with an email address (1.7.3) and with a comment with spaces.
Post by petefinnigan on Oct 8, 2007 7:08:31 GMT -5
It could be that the issue is not related to the @ symbol as I have just realised that the comment includes some code with single quotes. The blog entry in question is www.petefinnigan.com/weblog/archives/00001096.htm and it's the comment by Niels. I edited his email address in vi so it's no longer the same. He was obviously able to post the comment in the first place without error so it is related to the differences between comment posting and entry editing.
It was the quote marks. They were getting turned into "& quot;" and then on editing turned into "|AMP|quot;". The malicious code bell sounds on the pipe character.
This is another todo of mine, to determine why greymatter is so touchy about ampersands. I believe it is a legacy issue, but it's something I have to investigate. Eventually we won't need to modify those when saving.
This has been fixed for 1.7.4.
Last Edit: Oct 9, 2007 23:26:11 GMT -5 by coldstone
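A minimal model of the failure described above, as an added example that is not Greymatter's code and not part of the original posts: it shows how an edit form prefilled with the storage encoding trips the pipe filter, and how decoding before display avoids that while still rejecting a pipe the user typed. All function names, the sample comment, and the placement of the filter and encoding steps are assumptions made for illustration.

```python
"""Model of the comment edit failure (constructed; not Greymatter's code)."""

class Rejected(Exception):
    """Stands in for the "we don't take kindly to that" response."""

def check_input(text):
    # Assumed filter: any pipe in submitted text is treated as malicious.
    if "|" in text:
        raise Rejected("pipe character in input")

def to_storage(text):
    # Storage encoding seen in the thread: '&' is written as '|AMP|'.
    return text.replace("&", "|AMP|")

def from_storage(text):
    # Inverse of to_storage, used before showing stored text to a user.
    return text.replace("|AMP|", "&")

def post_comment(raw):
    # Posting: filter the raw text, escape quotes, then encode for storage.
    check_input(raw)
    return to_storage(raw.replace('"', "&quot;"))

def edit_form_buggy(stored):
    # Edit form prefilled with the storage form, marker included.
    return stored

def edit_form_fixed(stored):
    # Decode first so the form only ever holds user-visible text.
    return from_storage(stored)

def save_edit(submitted):
    # Same filter as posting, applied to whatever the edit form sent back.
    check_input(submitted)
    return to_storage(submitted)

def edit_succeeds(form, stored):
    # True when an unchanged edit saves and reproduces the stored record.
    try:
        return save_edit(form(stored)) == stored
    except Rejected:
        return False

if __name__ == "__main__":
    stored = post_comment('select "x" from dual')  # constructed sample comment
    print(stored)
    print("buggy edit ok:", edit_succeeds(edit_form_buggy, stored))
    print("fixed edit ok:", edit_succeeds(edit_form_fixed, stored))
```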
Post by petefinnigan on Oct 10, 2007 4:29:28 GMT -5
Thanks very much for your response. I had the same issue again yesterday with a new blog entry but slightly different vector. I added blog entry www.petefinnigan.com/weblog/archives/00001103.htm yesterday and then realised that the yellow boxes with code in them caused the page to be destroyed as they tried to go right across the screen. I tried to edit the entry but the save failed and I had to resort to vi again.
I suspect this is the same issue as my code has quotes in it.
Also, out of interest, if you look at both yellow boxes in my blog post and see the emoticon added by GM - the actual text should be what's in the textpad screen dumps directly below the yellow boxes. Can you add this as an issue? - it would be nice to not have code changed into emoticons.
Post by petefinnigan on Oct 11, 2007 14:30:13 GMT -5
Thanks for your reply. Yes, I thought of turning off emoticons but that would not satisfy the case where you want to include code that is not "emoticonised" and also use emoticons, so maybe a code such as <code> ... </code> would work, although we should not simply use <code> as it's a valid tag already in xhtml.
True. I forgot about that. I was wondering if we should invent a gm specific one, or make a note that stuff inside < code > won't be translated? I hate to create gm specific stuff, but on the other hand, now the < code > tag may not work as people expect (if they expect emoticons inside a code block that is).
Now that I think about it though, I would be frustrated if text inside < pre > or < code > tags was turned into emoticons or formatting (__, //, **). Seems like any c-code with a pointer might get mangled by GM.