Re: v3.3.2 - issues with solution

[The Editor]

On Tue, Jan 5, 2010 at 12:13 PM, Danny <danny0...@gmail.com> wrote:
> Here are some scattered modifications I've also done in v3.3.2f2:
>
> 1.
> old:
> MarkUp('fmt', 'indent', '/\-(&gt;|>)\n?/', '<blockquote>'); // -> <-
> indent (blockquote)
> MarkUp('fmt', 'indentend', '/\n?(&lt;|<)\-/', '</blockquote>'); // ->
> <- indent (blockquote)
>
> new:
> MarkUp('fmt', 'indent', '/\-\&gt;\n?/', '<blockquote>'); // -> <-
> indent (blockquote)
> MarkUp('fmt', 'indentend', '/\n?&lt;\-/', '</blockquote>'); // -> <-
> indent (blockquote)

This is probably a good idea, though I'm not 100% convinced there
aren't exceptions that might have an unescaped < or >. Of course,
maybe this might be a good idea if only to ensure there is not some
security hole somewhere needing to be patched up. I think I'll keep
these out of the core for now until I have some time to test more
thoroughly. Ultimately, I plan to change this to a markup rule that
combines the two into one. We may experiment with a stricter rule at
that time.

> 2.
> deleted the line in BOLTsearchPageList.
> It is useless because we just done explode(',') so no comma should
> exist at that time.
> $p = str_replace(',', '|', $p);

Seems logical...

> 3. removed the line below, and &query and $lastquery from globals in
> BOLTdomarkup, if the modification of [messages] and [results] are done
> as I mentioned previously:
>        if ($content == '[results]' && $query == '' && $lastquery == '')
> return;

I still don't think this is the best route to go. Discussed in other emails...

> 4. In BOLTexecute
> delete:
> $auth = BOLTexists('site.auth.commands');
>
> change:
>                        if ($auth == false) $value = $BOLTcommand($value, 
> $field);
>                        elseif (BOLTauth($pageLink, $command, 'commands')) 
> $value =
> $BOLTcommand($value, $field);
> to:
>                        if (BOLTauth($pageLink, $command, 'commands', false)) 
> $value =
> $BOLTcommand($value, $field);
>
> Just to simplify the code, since if site.auth.commands doesn't exist
> the BOLTauth would always return true.
> But it may slightly decrease the performance.
> If you do this, do the same for BOLTfunc.

It does look simpler but I was thinking about performance actually...
 However, in the case of BOLTfunc, the difference would be trivial, so
I made the change. When I rework the forms to require sessions only,
I'll consider the first change a bit more.

Cheers,
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"BoltWire" group.
To post to this group, send email to boltw...@googlegroups.com.
To unsubscribe from this group, send email to 
boltwire+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/boltwire?hl=en.