Opened 11 years ago

Closed 11 years ago

#447 closed Bug/Something is broken (fixed)

bloglist page on blogsmf.mayfirst.org needs better filtering

Reported by: Daniel Kahn Gillmor Owned by: alfredo
Priority: High Component: Tech
Keywords: blogsmf.mayfirst.org Cc:
Sensitive: no

Description

If you visit http://blogsmf.mayfirst.org/bloglist, you'll see a list of member's blogs, along with blog titles. This is a great feature, but i think the list needs better filtering:

  • It currently shows a blog for "user 0" with no title and no username (just parentheses). I'm assuming that this is a but in the selection code involved.
  • users who have attempted to put markup in their blog titles will have it escaped (i.e. shown to users as visible, non-interpreted HTML) in the list here. The tags should actually be stripped, in the same way that they should be stripped when viewing the blog itself. Fortunately, this is just a presentation issue, not a security concern in the way that #179 is.
  • It currently lists members with no entries in their blog at all. I think it would make more sense to only list blogs with at least one entry in them.

Change History (5)

comment:1 Changed 11 years ago by alfredo

I've handled the user 0 problem and the issue of people with no blogs appearing. But I'm stumped on doing the stripping tags thing that Daniel suggests. Can someone help me with that, please?

comment:2 Changed 11 years ago by Jamie McClelland

I think you'll want to use the strip_tags function.

I found the code in the bloguserlist function. Instead of:

$blogname=$blognameget->profile_blogname;
$name=$blognameget->name;

You could use:

$blogname=strip_tags($blognameget->profile_blogname);
$name=strip_tags($blognameget->name);

comment:3 Changed 11 years ago by Daniel Kahn Gillmor

better than using strip_tags() would be to use the exact same filtering drupal uses where it displays the name -- that way upgrades to the drupal filtering techniques will affect your code as well. I don't know drupal well enough to be sure, but my impression is that it was using something like check_markup().

comment:4 Changed 11 years ago by Jamie McClelland

check_markup does a lot more than we want (like adds paragraph breaks, etc). I think it's more designed for chunks of text. However, in this case - I think we really do want to strip tags - we don't want any html formatting in the blog or blogger name display that we don't put there ourselves.

I just add the strip tags to the svn repo (not yet live).

comment:5 Changed 11 years ago by Jamie McClelland

Resolution: fixed
Status: newclosed

Ok - this change is now live.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.