> > 2) When saving data via a form, the system does not properly check
> > auth.data
>
> In my test this seems to work either way. If I am mistaken, send me an
> offlist email with more specifics.
No, it doesn't. It doesn't check write auth at all, so anyone can write
data anywhere. In BOLTauth:
old:
if (strpos($line, ": ") === false) continue;
$f = substr($line, 0, strpos($line, ": "));
$f = str_replace('{id}', $BOLTid, $f);
$v = trim(substr($line, strpos($line, ": ") + 1));
new:
$pos = strpos($line, ": ");
if ($pos === false) continue;
$f = substr($line, 0, $pos);
$v = trim(substr($line, $pos + 2));
The key point is "1" to "2"; the others are just some optimization.
> > However I still think it's not good to write it this way, which may
> > lock the superadmin himself.
>
> Good point. Seems the easiest way is to wrap the whole little routine in
> if (BOLTingroup('admin') === false) { }
No, it wouldn't work, because the login page will be locked.
> > 2. The return value of Xvalidate seems unreasonable. I thought it
> > should be just like Xif.
>
> What do you mean?
Xvalidate returns the string after " ? ", while Xif returns 'true' or
'false'.
I think the latter would be more reasonable.
> > 5. Fixed a missense in system page action.search so that it shows the
> > last query input after submitting the form. I also simplified the
> > param name from myquery to q.
>
> Actually I am planning to fix this a different way. The idea is to
> keep the query cached for speed. But keep it connected to a specific
> user and page.
I mean, in action.search, I added a passdata line:
[session passdata myquery]
I'd favor changing "myquery" to "q" as mentioned before, but it's OK
not to. It's up to you.
> > 9. Changed code.script back to site.script and the related scripts.
> > Also fixed several missenses so that [(script)] works properly.
>
> What is currently wrong with the script function?
It doesn't work, modify > to > :
old: preg_match_all('/(<|<):([_a-z0-9.]+):> ?(.*?)(?=\n<:|\n<:|$)/s', $script, $commands); // if enable full markup, change \n to <br />
new: preg_match_all('/(<):([_a-z0-9.]+):> ?(.*?)(?=\n<:|$)/s', $script, $commands); // if enable full markup, change \n to <br />
I deleted the support for < to simplify and improve performance, since
they should have already been escaped.
> > 10. Fixed a mistake of 3.3.2f while parsing [messages] before getting
> > zones so that function messages are not shown.
>
> I think function messages are supposed to be shown...
Forgive my poor English. I meant that it isn't shown, and I fixed it so
that it shows.
That is because I've made the modifications below. I should have
mentioned them previously.
- removed a line in BOLTcharEncode since it's not used:
$text = str_replace(Array('[messages', '[results'), Array('%5Bmessages', '%5Bresults'), $text);
- modify BOLTmakepage:
old:
$out = preg_replace('/\[messages( [-_a-z0-9]+)?\]/ie', 'BOLTmessages("$1")', $out);
$out = str_replace(Array('%5Bmessages', '%5Bresults'), Array('[messages', '[results'), $out);
new:
$out = preg_replace('/<div class="message" \/>/ie', 'BOLTmessages("$1")', $out);
- modify markups.php
old:
MarkUp('form', 'inputs', '/(\n?)\[(fo\<rm|session|text|check|radio|password|hidden|image|select|option|box|file|button|submit|reset|link)(( {1,2}([-_a-z0-9]+=)?([-_a-z0-9]+\[\]|\"[^\"]*\"|\'[^\']*\'|[^\] ]+))*)? ?\]/ie', "BOLTMinputs('$2', '$3', '$1')"); // [form]
new:
MarkUp('form', 'inputs', '/(\n?)\[(fo\<rm|session|text|check|radio|password|hidden|image|select|option|box|file|button|submit|reset|link|messages|results)(( {1,2}([-_a-z0-9]+=)?([-_a-z0-9]+\[\]|\"[^\"]*\"|\'[^\']*\'|[^\] ]+))*)? ?\]/ie', "BOLTMinputs('$2', '$3', '$1')"); // [form]
- modify BOLTMinputs
-- add $query, $lastquery to globals
-- add the following:
> if ($type == 'fo<rm') return BOLTMforms($attr, $initial);
if ($type == 'messages') return '<div class="message" />';
if ($type == 'results') {
    if ($query == '') $myquery = $lastquery;
    else $myquery = $query;
    return BOLTescape($myquery);
}