Re: [phoenix-dev] Eclipse website login
Ah cool. +1 then :)
Karl
Denis Roy wrote:
Karl,
Good catch. All the commented OPT1: stuff should have been completely
removed from the patch. I had started some basic HTML Stripper
routine in the page generation phase that would essentially strip away
the fat from our lovely human-readable indented HTML.
I decided not to venture further into the issue, because much testing
and tweaking would be required (perhaps beyond the benefit of its
implementation).
Denis
Karl Matthias wrote:
Denis,
I think the things that are currently commented out are intended to
be activated as well in the OPT1: section? Not sure if I should be
reviewing that code or not. If not, then
+1
If we are going to enable that code then this line:
+ # OPT1:$stripped_html = preg_replace("/>\s</", "><",
$stripped_html);
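Review bot: the pattern "/>\s</" carries no quantifier, so it removes exactly one whitespace character between two tags. The multi-character indentation runs (newline plus tabs) that make up most of the "fat" do not match at all, while the single space that is meaningful between inline elements such as <i> and <b> is precisely what gets deleted. If this line is ever enabled, collapse runs to one separator ("/>\s+</" replaced by "> <") instead of removing them; a single space renders the same as the original run in normal flow.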
will break some valid HTML by eliminating spaces between all tags
where they are sometimes needed. I would also suggest that this line
+ # OPT1:$stripped_html = preg_replace("/^\t*/", "",
$stripped_html);
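Review bot: "/^\t*/" has no "m" modifier, so "^" anchors to the start of the whole subject string and this only strips leading tabs from the first line; the per-line indentation the comment is aiming at is left untouched. Adding "m" would fix that, but it would then also strip significant leading whitespace inside <pre> and <textarea>, so an enabled version needs to skip those blocks (or, as suggested, replace the tabs with a single space rather than deleting them).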
should replace tabs with spaces for the same reason. True we
couldn't save as many characters but there are valid cases where the
HTML could be munged. Consider the case where an italicized word is
next to a bold word as one example.
Cheers,
Karl
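An added illustration of the whitespace-stripping concern discussed above (this is not code from the eclipse.org-common patch; the function names, the <pre> handling and the sample markup are this example's own). It applies the two OPT1 lines exactly as quoted, then a variant that collapses whitespace runs between tags to a single space so the "italic next to bold" case keeps its separator:

```php
<?php
// Added example, not code from the eclipse.org-common patch. stripOpt1() applies
// the two OPT1 preg_replace lines as quoted in the thread; the second function is
// a hypothetical safer variant written for this example.

// The two OPT1 lines, applied as written in the patch.
function stripOpt1($html)
{
    $stripped = preg_replace("/>\s</", "><", $html);
    $stripped = preg_replace("/^\t*/", "", $stripped);
    return $stripped;
}

// Safer variant: collapse any run of whitespace between two tags to one space,
// which renders identically to the original run in normal HTML flow, and strip
// per-line indentation. Content inside <pre> ... </pre> is left untouched because
// whitespace there is significant.
function collapseInterTagWhitespace($html)
{
    // Split into alternating chunks: outside <pre>, <pre> block, outside, ...
    // With PREG_SPLIT_DELIM_CAPTURE the captured <pre> blocks land at odd indexes.
    $parts = preg_split('#(<pre\b[^>]*>.*?</pre>)#is', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            $out .= $part;          // <pre> block: keep verbatim
            continue;
        }
        // Leading tabs/spaces at the start of each line carry no meaning here.
        $part = preg_replace('/^[ \t]+/m', '', $part);
        // Collapse a run of whitespace between two tags to exactly one space.
        $part = preg_replace('/>\s+</', '> <', $part);
        $out .= $part;
    }
    return $out;
}

// Constructed sample: indented markup, the italic/bold case from the review,
// and a <pre> block whose whitespace must survive.
$sample = "<p>\n\t<i>italic</i> <b>bold</b>\n</p>\n<pre>\n\tkeep\tthis\n</pre>\n";

echo "OPT1 as written:\n", stripOpt1($sample), "\n";
echo "collapsed:\n", collapseInterTagWhitespace($sample), "\n";
```

Run with `php` on the command line. With the OPT1 lines as written, the indentation ("\n\t" before the <i>) survives because two characters sit between the tags, while the one meaningful space between `</i>` and `<b>` is removed; the variant keeps one space there, drops the indentation, and leaves the <pre> block alone.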
Denis Roy wrote:
Team,
I've implemented a number of changes to eclipse.org-common that are
awaiting some peer review. I have simply added new functions to
app.class.php, and I added two new classes, so this change is fairly
low-risk in that it won't (shouldn't) break any existing code.
Here's what's new:
*1. Support for Bugzilla authentication*
session.class.php was created to allow users to authenticate to our
website. I will design the actual login page, but this will allow
any Phoenix page to "consume" the login session, and determine if
the current user is logged in (or not), extract their name, and
eventually their committer status, etc.
*2. Support for parameter sanitizing SQL*
I added $App->sqlSanitize($_value, $_dbh) which will return a
sanitized value. *We must start ensuring our incoming parameters
are sanitized before going to the database, even if we're only
issuing SELECT statements against a read-only database.*
*3. Support for Event Logs*
Currently only used for the purpose of tracking logins, but it could
be for other purposes where an event needs to be logged.
The latest patch at
https://bugs.eclipse.org/bugs/show_bug.cgi?id=209557 is what I would
like to commit to the live site. Please review this patch and +1 it
if you feel it is safe to commit.
Thanks,
Denis
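An added example of the point made under item 2, that parameters must be sanitized even when only SELECT statements are issued. This is not code from eclipse.org-common and does not reproduce $App->sqlSanitize(); sanitizeForSqlLiteral() below is a hypothetical stand-in with the same (value, handle) shape, and the table, rows and inputs are constructed. It uses an in-memory SQLite database through PDO so it runs offline:

```php
<?php
// Added example, not code from eclipse.org-common. sanitizeForSqlLiteral() is a
// hypothetical stand-in for $App->sqlSanitize($_value, $_dbh); the committers
// table and the inputs below are constructed for this example.

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE committers (login TEXT, name TEXT)");
$dbh->exec("INSERT INTO committers VALUES ('dro', 'Denis Roy'), ('kma', 'Karl Matthias')");

// Returns the value escaped for use inside a single-quoted SQL string literal
// on this connection. PDO::quote() adds the surrounding quotes; they are
// stripped so the caller can embed the value the way the patch's helper is used.
function sanitizeForSqlLiteral($value, PDO $dbh)
{
    return substr($dbh->quote((string) $value), 1, -1);
}

// Unsafe: the request parameter is pasted straight into the statement, so a
// quote character in it ends the literal and the remainder is parsed as SQL.
// A read-only database does not help: the WHERE clause itself is rewritten.
function lookupUnsafe($login, PDO $dbh)
{
    $sql = "SELECT name FROM committers WHERE login = '$login'";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Sanitized: the value cannot leave the literal it was placed in. This is only
// correct when the value is embedded in a quoted literal; a numeric context
// needs a cast instead.
function lookupSanitized($login, PDO $dbh)
{
    $safe = sanitizeForSqlLiteral($login, $dbh);
    $sql = "SELECT name FROM committers WHERE login = '$safe'";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Preferred: a prepared statement keeps data and SQL apart without relying on
// the connection's escaping rules at all.
function lookupPrepared($login, PDO $dbh)
{
    $stmt = $dbh->prepare("SELECT name FROM committers WHERE login = ?");
    $stmt->execute([$login]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal login, and one carrying a quote that turns the
// single-row lookup into a query matching every row.
$inputs = ["dro", "x' OR 'a'='a"];
foreach ($inputs as $login) {
    echo "input: ", var_export($login, true), "\n";
    echo "  unsafe:    ", json_encode(lookupUnsafe($login, $dbh)), "\n";
    echo "  sanitized: ", json_encode(lookupSanitized($login, $dbh)), "\n";
    echo "  prepared:  ", json_encode(lookupPrepared($login, $dbh)), "\n";
}
```

For the first input all three lookups return the single matching name. For the second, the unsafe query returns every committer because the WHERE clause has been rewritten, while the sanitized and prepared versions return nothing, since no login equals that string. That difference is the reason a read-only SELECT still needs sanitized parameters: the data it can read is not limited to the row the page intended.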
------------------------------------------------------------------------
_______________________________________________
phoenix-dev mailing list
phoenix-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/phoenix-dev