On Tue, Sep 22, 2009 at 1:58 PM, DrunkenMonk <[email protected]> wrote:
>
> On Sep 22, 5:14 pm, The Editor <[email protected]> wrote:
>> What version are you using? If you recall I reworked the comm2func
>> function in a recent release to handle this better, but don't see it
>> documented, so perhaps it was more recent. (I'm thinking it was 3.14).
>> Anyway check to see if you have this line in your comm2func function:
>>
>> foreach($args as $f => $v) $value .= "$f='" .
>> str_replace(Array("'", '"'), Array('&#39;', '&quot;'), $v) . "' ";
>
> I couldn't see this, so I upgraded to 3.15 from 3.14
> Didn't help, and I still can't find the "str_replace" part.
>
> Are you sure you included it in the release?

No, it could be just on mine. It will be in the next one though. It is
in engine.php, line 453, replace a very similar line with the
following:

foreach($args as $f => $v) $value .= "$f='" .
str_replace(Array("'", '"'), Array('&#39;', '&quot;'), $v) . "' ";

It just escapes any parameters in a form value from messing up the
parsing of the arg array... I had problems with the rss plugin. Guess
it has been since the last release. Must be why it wasn't documented!
:)

> Yeah... I have full mysql functionality, essentially the mysql command
> line accessible via boltwire. I don't want to dumb that down when the
> function-version works perfectly fine.
> In fact, I currently have an easier time formatting output with mysql
> than with templates. Especially given mysql's inbuilt math functions.
>
> Once we get this string-escape fixed I'll show you how simple and
> powerful my solution is to use. I'm sure you'll see it my way.

I am excited. Now that I think about it, you are no doubt right. It
would be better to have full mysql functionality. That probably is how
I would have done it after thinking about it a bit more. Not sure how
you have handled security though. A simple dumbed down peek function
and poke command might be useful, with the full query function
available perhaps to admins or something. Otherwise, how are you going
to limit the queries? Pardon my ignorance of mysql. Haven't looked
into it much. Just thinking out loud. It would be nice to have a
simple security interface with BoltWire, but that may not be possible.

Cheers,
Dan
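
The quote-escaping fix discussed in this message, as an added example that is not part of the original post and is not BoltWire's own code: it builds a name='value' arg string with and without escaping and parses it back, to show how an unescaped quote in a value splits into extra arguments. The function names, the stand-in parser, the sample input and the entity replacements ('&#39;' and '&quot;') are assumptions.

```php
<?php
// Added example; build_arg_string() and parse_arg_string() are hypothetical
// names, not functions from BoltWire's engine.php.

// Serialise args as name='value' pairs, optionally escaping quotes first.
function build_arg_string(array $args, bool $escape): string {
    $value = '';
    foreach ($args as $f => $v) {
        if ($escape) {
            // Assumed replacements: HTML entities for ' and "
            $v = str_replace(array("'", '"'), array('&#39;', '&quot;'), $v);
        }
        $value .= "$f='" . $v . "' ";
    }
    return $value;
}

// Minimal stand-in parser for name='value' pairs (an assumption about
// how the arg string is read back, kept simple for the demonstration).
function parse_arg_string(string $s): array {
    $out = array();
    preg_match_all("/(\w+)='([^']*)'/", $s, $m, PREG_SET_ORDER);
    foreach ($m as $pair) {
        $out[$pair[1]] = $pair[2];
    }
    return $out;
}

// Constructed sample: a value containing single quotes, as a feed title might.
$args = array('title' => "Bob's feed' extra='1", 'count' => '5');

$raw  = parse_arg_string(build_arg_string($args, false));
$safe = parse_arg_string(build_arg_string($args, true));

// Without escaping, the quote ends the value early and a new key appears.
var_dump(array_keys($raw), $raw['title']);

// With escaping, only the original keys come back.
var_dump(array_keys($safe));

// Decoding the entities restores the original value exactly.
var_dump(html_entity_decode($safe['title'], ENT_QUOTES) === $args['title']);
```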