Closed (fixed)
Project:
Similar Entries
Version:
4.7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
9 Jun 2006 at 12:21 UTC
Updated:
11 Dec 2006 at 16:16 UTC
Jump to comment: Most recent file
Comments
Comment #1
norio commentedThis quick and dirty fix will not show any nodes with '
<?php' in it and will format the node according to the filters you've set.Replace:
With:
PS: You can replace preg_match with strpos(). It will probably run faster.
Comment #2
deekayen commentedI committed check_plain on the title and check_markup on the teaser. Skipping nodes with PHP in them isn't the solution.
Comment #3
(not verified) commentedComment #4
deekayen commentedPatch should be backed out. Check plain is converting too many characters.
Comment #5
deekayen commentedI reverted the check_plain/check_markup/check_output in 4.6 and 4.7. I'm not hot about the idea of evaluating PHP.
Perhaps this thread should take on discussing a way to ignore nodes with the PHP Code evaluator filter enabled or some other alternate patch.
Comment #6
deekayen commentedI re-committed the check_plain/markup/output if nothing else because it probably has some xss benefits.
Comment #7
deekayen commentedSo perhaps now I should just make special str_replaces for this (from http://drupal.org/node/86666):?
e.g., ' ; [minus the space] instead of ', " instead of ".
Comment #8
hickory commentedcheck_plain shouldn't be run on node titles in blocks, it's already being run by the l() function, so characters get double-escaped. Patch attached.
Comment #9
deekayen commentedapplied in HEAD v1.7
Comment #10
(not verified) commented