Conversation Between fadillzzz and Hall of Famer
Showing Visitor Messages 31 to 40 of 79
-
Yes, I do actually (I have both MSN and Skype). Why do you ask?
-
Hi there Fadillzzz, do you use MSN, AIM or Skype? Just curious.
-
Hey did you check out the latest post I made in the dev thread?
-
Well yeah, the OOP way. Sure, this sounds like the type of discussion for dev staff. XD
-
Yes, definitely. See, this is actually the thing that I'm looking forward to. Making the code more organizable and maintainable. I personally think that we need to make the code more modular by incorporating OOP into it (and possibly MVC too). Also, shouldn't we be discussing this inside the development thread? LOL
-
I see, it makes perfect sense to me. The secure() function was added for a reason, and in most cases it is quite useful preventing dangers such as SQL injection. So yeah, Id say its better to use html_entity_decode() on text entered by CKeditor. Removing the secure() function can negatively affect other stuff in this script.
Actually I've splited the admin.php and functions.php into multiple files for Mys v1.3.0, so are with the database tables prefix.adoptables and prefix.users since they are getting too long. Also created new folders 'classes', 'functions', 'css' and 'js' for future use, they may not be quite important now but I am sure it will help in a long run. Dont you think so?
-
Ok, so I was just looking at functions.php and I noticed inside the secure() function there's a call to htmlentities() to sanitize the data that are passed into the function. This is the reason why the HTML gets converted to something like <p>. So, one possible solution is to remove the call to that htmlentities(). But of course, it'd much better if we just decode the HTML with html_entity_decode() like what you've done already.
This is something we really need to be careful about. Since it relates to the security of the script. So, let's keep in mind about that htmlentities() call, in case something like this happens again in the future.
-
I think i've found out the cause of this problem. It inserts some weird characters such as <p> to the database and messes up the format. I fixed it already, by applying this function on comments:
$comment = html_entity_decode($comment);
Its weird though, wasnt like this before...
Also I had to apply another function to get the link, image, alignment and font style/color codes to work.
$comment = stripslashes($comment);
The good thing is that almost 90% of CKEditor features are working out normally now, so lets hope for the best.
-
Alright, I will send you the file now. Do you need the entire Mysidia adoptables v1.3.0 or just the shoutbox.php and ckeditor stuff?
-
Ok, sure.
I don't think it's because of some files missing, but rather the code implementation. There could be something interfering with the generated HTML. Something like htmlspecialchars() stuff and whatnot. If you could send me the file, I'd be happy to look at it and see what's wrong.