ID: 8095
Updated by: jimw
Reported By: [EMAIL PROTECTED]
Old-Status: Analyzed
Status: Closed
Bug Type: Documentation problem
Assigned To:
Comments:
not a documentation bug.
Previous Comments:
---------------------------------------------------------------------------
[2000-12-15 18:50:12] [EMAIL PROTECTED]
The problem we have here is avoiding people possible using HTML maliciously and also
making the manual notes readable, maybe we need to use nl2br() and then get rid of the
<pre> and only allow the use of < when either on its on, followed by a ? or =, this
would solve the problem of malicious HTML being inserted into the notes, another
option is also to convert t into  , what do others think of this.. a regex to test
entries going into the database and also all current entries coming out of the
database shouldnt be too hard to construct but I agree < and > in the notes is
ugly, what do others think about this as an option, can you see any problems with
this.. Or allow < in code and convert it to < and > and then convert back the
ones we can veryify to be right... Im just not sure about hot to handle them in
comparisons cause both < Script> is valid but not easy to catch.. as if($testvar <
Script) { is also valid.. can anyone come up with a good solution??
---------------------------------------------------------------------------
[2000-12-04 10:19:26] [EMAIL PROTECTED]
Some of the comments added seem to generate html codes for some of the symbols for
example line 2 below taken from the variable page:
<PRE>
<?
$A = 1;
I assume that < is in fact the < symbol. If you are a newbie to html and php as I
am this makes some of the comments difficult to follow. I do code in c, c++ and java
so have a fair idea of what I want to know how to do, its just difficult to read.
Hope you can sort this out at some point as I have been using the manual quite
extensively.
Thanks
Michelle Richardson
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=8095
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
