Re: [phoenix-dev] Eclipse website login

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [phoenix-dev] Eclipse website login

From: Karl Matthias <karl.matthias@xxxxxxxxxxx>
Date: Mon, 26 Nov 2007 08:02:27 -0800
Delivered-to: phoenix-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/listinfo/phoenix-dev>
List-help: <mailto:phoenix-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/phoenix-dev>, <mailto:phoenix-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/phoenix-dev>, <mailto:phoenix-dev-request@eclipse.org?subject=unsubscribe>
Organization: The Eclipse Foundation
User-agent: Thunderbird 2.0.0.9 (X11/20071031)

Denis,

I think the things that are currently commented out are intended to beactivated as well in the OPT1: section? Not sure if I should bereviewing that code or not. If not, then


+1

If we are going to enable that code then this line:

+		# OPT1:$stripped_html = preg_replace("/>\s</", "><", $stripped_html);

will break some valid HTML by eliminating spaces between all tags wherethey are sometimes needed. I would also suggest that this line


+		# OPT1:$stripped_html = preg_replace("/^\t*/", "", $stripped_html);

should replace tabs with spaces for the same reason. True we couldn'tsave as many characters but there are valid cases where the HTML couldbe munged. Consider the case where an italicized word is next to a boldword as one example.


Cheers,

Karl



Denis Roy wrote:

Team,
I've implemented a number of changes to eclipse.org-common that areawaiting some peer review. I have simply added new functions toapp.class.php, and I added two new classes, so this change is fairlylow-risk in that it won't (shouldn't) break any existing code.
Here's what's new:

*1. Support for Bugzilla authentication*
session.class.php was created to allow users to authenticate to ourwebsite. I will design the actual login page, but this will allow anyPhoenix page to "consume" the login session, and determine if thecurrent user is logged in (or not), extract their name, and eventuallytheir committer status, etc.
*2. Support for parameter sanitizing SQL*
I added $App->sqlSanitize($_value, $_dbh) which will return a sanitizedvalue. *We must start ensuring our incoming parameters are sanitizedbefore going to the database, *even if we're only issuing SELECTstatements against a read-only database*.*
*3. Support for Event Logs*
Currently only used for the purpose of tracking logins, but it could befor other purposes where an event needs to be logged.
The latest patch at https://bugs.eclipse.org/bugs/show_bug.cgi?id=209557is what I would like to commit to the live site. Please review thispatch and +1 it if you feel it is safe to commit.
Thanks,

Denis


------------------------------------------------------------------------

_______________________________________________
phoenix-dev mailing list
phoenix-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/phoenix-dev

Follow-Ups:
- Re: [phoenix-dev] Eclipse website login
  - From: Denis Roy

References:
- [phoenix-dev] Eclipse website login
  - From: Denis Roy

Prev by Date: [phoenix-dev] Eclipse website login
Next by Date: Re: [phoenix-dev] Eclipse website login
Previous by thread: [phoenix-dev] Eclipse website login
Next by thread: Re: [phoenix-dev] Eclipse website login
Index(es):
- Date
- Thread

Breadcrumbs