On Sat, 31 Jul 2004 16:08:13 -0700
Brion Vibber <brion(a)pobox.com> wrote:
Emmanuel Engelhart wrote:
This patch provides the possibility for adding a
comment with an admin
rollback.
Neat! A couple things to work on:
The comment should be retrieved by WebRequest::getText() rather than
WebRequest::getVal(). This will perform input transcoding on the few
languages that have this extra feature (Esperanto only, currently). You
do not need to use urldecode(); this is done by PHP before we ever see
the data.
Ok
Text put into HTML output should pretty much always be
escaped via
htmlspecialchars() to avoid data corruption problems and HTML/JS
injection attacks. Titles for instance may contain the & character, and
all kinds of trouble ensues if it's not escaped properly.
ok, I hope I escaped everywhere.
Title::getText() will return only the non-namespace
portion, so this
doesn't work on non-article pages. You'll want to use
Title::getPrefixedText().
Ok
Use htmlspecialchars() rather than urlencode() on the user name. The URL
for the form submission will be created by the browser; we just need to
make sure that the browser gets the correct data in the first place.
Ok
Also, try to stick with tabs as Timwi's mentioned;
it gets really messy
to work with files where indentation styles change constantly.
After one hour I manage to reconfigure correctly my emacs, thx for
your patience.
A minor UI quibble; since the comment field
doesn't support line breaks,
it should probably be an <input> rather than a <textarea>. Also it might
be nice to label the comment field and make the form layout a little
more consistent with how similar features look (deletion, blocking).
Ok, I removed the confirm checkbox, Which I found useless.
Thx for all your recommendations.
Emmanuel Engelhart
--
-------------------------------------------------------------------------
En théorie il n'y a pas de différence entre la théorie et la pratique,
en pratique si.
-------------------------------------------------------------------------
Emmanuel Engelhart ICQ UIN : 53388731 TEL (+49)(0)6.22.15.88.03.31