On Jan 23, 2008, at 3:56 PM, Cliff Hirsch wrote:
On 1/23/08 3:44 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
I just discovered smarty has default modifiers:
http://www.smarty.net/manual/en/variable.default.modifiers.php
Smarty does have an override: {$var|smarty:nodefaults} to cover the
exce
Dropping all submissions with "http://"; will eliminate a good amount of
spam, however you will end up with thousands of robot submitted messages
which contain nonsense messages. I'm not sure how anyone benefits from
this, but I see it a lot.
Ultimately, you will probably resort to putting a ca
On Jan 23, 2008 3:27 PM, John Campbell <[EMAIL PROTECTED]> wrote:
> > Do your pages validate?
> Yes. The extended HTML entities are not required. Check the source of
> this page: http://www.w3c.de/
>
> > What happens in browsers that don't support
> > the characters you're sending?
>
> I don't dev
On 1/23/08 5:34 PM, "Daniel Convissor" <[EMAIL PROTECTED]>
> Now there's no guessing, no need to write "|escape" in each variable use
> and no manually escaping the stuff in your PHP.
Just thought of a potential gotcha. Smarty also has a nl2br function. You
would want to escape before nl2br, other
On Wed, Jan 23, 2008 at 01:54:43PM -0500, John Campbell wrote:
>
> If there is a separation between the programmer and the template
> editor, it presents another problem. Who is responsible for escaping
> the data?
>
> Do you do:
> {$user.first_name|escape} {$user.last_name|escape}
Here, the fol
It sounds like you're talking about input filtering. By escaping I think we
generally mean on the output side. If for example you want to display in a
form textfield the text
John "KIller" Somebody
what would happen if you don't replace the quote characters with the
corresponding html enti
what about http://myViagra.com?
You'll probably need a robust solution for managing all the crap people
can stick into your blog comment space.
Is it a home made blog? (Your own code?) or an off the shelf thing?
- Ben
Susan Shemin wrote:
Is this "escaping" that you guys have been talking abou
Is this "escaping" that you guys have been talking about what you use to filter
acceptable data into textbox form?
If so, can you explain exactly what is being used (e.g., htmlentities) and how
to use it?
Actually I need to filter out nonpermitted characters since someone put a
Viagra advertis
On 1/23/08 3:44 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
> I just discovered smarty has default modifiers:
> http://www.smarty.net/manual/en/variable.default.modifiers.php
>
> It seems like a good idea. Does anyone use it?
Not a bad idea as long as you can override it. I pass plenty of st
On Jan 23, 2008 2:33 PM, Rob Marscher <[EMAIL PROTECTED]> wrote:
> On Jan 23, 2008, at 2:01 PM, Cliff Hirsch wrote:
> > On 1/23/08 1:54 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
> >> If there is a separation between the programmer and the template
> >> editor, it presents another problem. Who
> Do your pages validate?
Yes. The extended HTML entities are not required. Check the source of
this page: http://www.w3c.de/
> What happens in browsers that don't support
> the characters you're sending?
I don't develop for browsers that don't support UTF-8... e.g. IE2. If
they don't have a gl
On 1/23/08 2:33 PM, "Rob Marscher" <[EMAIL PROTECTED]> wrote:
> On Jan 23, 2008, at 2:01 PM, Cliff Hirsch wrote:
>> On 1/23/08 1:54 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
>>> If there is a separation between the programmer and the template
>>> editor, it presents another problem. Who is r
On Jan 23, 2008, at 2:01 PM, Cliff Hirsch wrote:
On 1/23/08 1:54 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
If there is a separation between the programmer and the template
editor, it presents another problem. Who is responsible for escaping
the data?
I decided that the view/template has
On Jan 23, 2008 1:43 PM, John Campbell <[EMAIL PROTECTED]> wrote:
> Also, why are you using htmlentities? It is a useless function. If
> you want to escape html, the correct function is htmlspecialchars.
> Htmlentities should never be used... it is slower, adds no security
> benefit, and it unn
On 1/23/08, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> On 1/23/08 12:58 PM, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
> >> Reason:
> > if the browser was really sophisticated about it
> > it could pop-up a dialog that warns you and asks you if you would like
> > to transliterate those characters to
> Because Chris Shiflett touts it! If it works for him...
Shiflett touts other goofy things, like storing htmlentities in the
database. If it works for him...
___
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYP
On 1/23/08 1:54 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
> If there is a separation between the programmer and the template
> editor, it presents another problem. Who is responsible for escaping
> the data?
> I tend to end up with a mix, and it can get quite confusing.
Ditto -- and it is i
On Jan 23, 2008 12:22 PM, Jake McGraw <[EMAIL PROTECTED]> wrote:
> Another benefit is you (the programmer) have complete control over
> what variables get passed from the script to the public facing
> template.
If there is a separation between the programmer and the template
editor, it presents an
On 1/23/08 1:43 PM, "John Campbell" <[EMAIL PROTECTED]> wrote:
> Also, why are you using htmlentities? It is a useless function. If
> you want to escape html, the correct function is htmlspecialchars.
> Htmlentities should never be used... it is slower, adds no security
> benefit, and it unneces
On Jan 23, 2008 1:16 PM, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> On 1/23/08 12:58 PM, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
> >> Reason: Invalid multibyte sequence in argument
> >> Those curly single and double quotes are killers.
> >
> > The problem isn't htmlentities, it's the charset
On 1/23/08 12:58 PM, "Michael B Allen" <[EMAIL PROTECTED]> wrote:
>> Reason: Invalid multibyte sequence in argument
>> Those curly single and double quotes are killers.
>
> The problem isn't htmlentities, it's the charset your pages are
> emitted in. If you emit an HTML form in ISO-8859-1 and
On 1/23/08, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> On 1/23/08 10:10 AM, "csnyder" <[EMAIL PROTECTED]> wrote:
> > On Jan 22, 2008 4:11 PM, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> >
> >> Reason: Invalid multibyte sequence in argument
> >>
> >> Root cause: cut and pasting text from MS Word in X
Another benefit is you (the programmer) have complete control over
what variables get passed from the script to the public facing
template. Hopefully, you've hired a designer that knows better than to
do the following and reveal your db schema to the world:
// Debugging
echo "";
But if you don't,
I was about to write a php cli script to monitor my log files for changes
and if found, email the file to me. But someone has probably already done
this. Are there open source solutions I should be looking at?
Cliff
On 1/23/08 10:10 AM, "csnyder" <[EMAIL PROTECTED]> wrote:
> On Jan 22, 2008 4:11 PM, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
>
>> Reason: Invalid multibyte sequence in argument
>>
>> Root cause: cut and pasting text from MS Word in XP.
>
> Neat. Any idea what the offending character or sequenc
On Jan 22, 2008 4:11 PM, Cliff Hirsch <[EMAIL PROTECTED]> wrote:
> Reason: Invalid multibyte sequence in argument
>
> Root cause: cut and pasting text from MS Word in XP.
>
Neat. Any idea what the offending character or sequence was?