Bug #38983
Function zitat (quoting) does not prevent layout corruption
| Status: | Accepted | Start date: | 2012-07-16 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assignee: | Ines Willenbrock | % Done: | 0% |
|
| Category: | Forum | |||
| Target version: | - | |||
| Votes: | 0 |
Description
The method tx_mmforum_postparser::zitat() replaces quotes with with div tags, without checking the amount out open and close tags. Because of that, layouts could be disturbed.
Example:
1 // input (correct)
2 $text = '
3 [quote="user"]
4 I wrote this
5 [/quote]
6 I answer that';
7
8 // output:
9 // <div class="qoute">":user" wrote: <br />I wrote this</div>I answer that
10
11 // input (no close-quote)
12 $text = '
13 [quote="user"]
14 I wrote this
15 I answer that';
16
17 // output:
18 // <div class="qoute">":user" wrote: <br />I wrote thisI answer that
19
20 // input (no open-quote)
21 $text = '
22 I wrote this
23 [/quote]
24 I answer that';
25
26 // output:
27 // I wrote this</div>I answer that
It does not matter whether the quote is personal or not, the effect happens because there is no check.
Please refer to the attached patch, I'd like to suggest a simplifying rewrite of the tx_mmforum_postparser::zitat() method.
History
Updated by Christian Futterlieb 10 months ago
- File mm_forum_38983.diff added
Updated by Ines Willenbrock 10 months ago
- Status changed from New to Under Review
- Assignee set to Ines Willenbrock
Hi Christian,
I've confirmed that bug and will have a look at your diff.
regards - Ines
Updated by Ines Willenbrock 9 months ago
- Status changed from Under Review to Accepted
- Priority changed from Should have to Could have
Yes, I can reproduce that behaviour. Quotes are not working correctly in the event of broken nesting of bbcodes.
I'd say that goes even further that just quotes.
As the problem seems to be a bit deeper than just the quotes and I don't really understand the proposed patch, I'd reduce priority to could have. If anyone has the time: it seems to me to be a case of tag soup prevention, probably even preventing from entering broken markup into the database.
regards - Ines
Updated by Christian Futterlieb 9 months ago
Hi Ines (and mm_forum folks)!
I'd say that goes even further that just quotes.
In this case: no. Because the mentioned method exists uniquely to replace quotes and has no other jobs.
I rewrote the whole method because of the possibility to decrease unneeded PCRE calls and make the code more transparent:.. and I don't really understand the proposed patch
- The important part are the lines 457-465, where the open-quote-count and the close-quote-count are brought to the same number.
- The whole quotes-replacement happens in line 467-471 and only if it is needed (
if($openCount > 0)).
.. I'd reduce priority to could have.
Please overthink your decision: everyone who runs mm_forum for a non-technical-experienced audience, which does not care or even know about bbcodes, has to self-check all topic listings and repair the invalid markup in the database by hand. Because of this and because a possible solution already exists I'd suggest 'Should have' or even 'Must have'.
Regards, Christian
Updated by Ines Willenbrock 9 months ago
Well, first you seem to miss the name of the quoted person, second: what happens if ANYONE believes to edit the BBCODES from hand and builds something like
[quote=someone][b][/quote][/b]
?
That's what I had in mind, when I said that the problem is way deeper than just the quotes.
You are quite right in mentioning that there is a problem, but I believe that your approach might not be enough.
What would the output of your code be in case of something like this:
[quote=someone] text [quote=anotherone] text [quote=someone] text [/quote] [/quote]
That's not even clear how the nesting is meant to be, is it two nested quotes as siblings in another quote? Or is it three quotes nested with no siblings, only children and a forgotten end tag?
To me it seems like the problem every WYSIWYG HTML Editor with code editing feature is faced: how to prevent invalid markup when the user believes to know enough to edit the code.
Updated by Christian Futterlieb 9 months ago
Hi Ines!
I totally agree your objection.
But the reason for especially this bugreport is that bbcode parsing and bbcode-quotation parsing is not done in the same way and place. For all other bbcode parsing it is possible to edit the regular expressions in the BE module, not so for the quotes. The regular expressions always look for complete logic blocks (i.e. open-tag, content, close-tag), not so the method tx_mmforum_postparser::zitat(), which just replaces all matching quote-tags.
Therefore I'd suggest to accept this problem as a bug in this current system, that could be solved.
The actual logic in the patch (Lines 457 to 465) does:What would the output of your code be in case of something like this:
[quote=someone] text [quote=anotherone] text [quote=someone] text [/quote] [/quote]
- remove super-numerous
[/quote]tags, if any - append missing
[/quote]tags at the end of the text, if needed
- Do not replace supernumerous
[/quote]or[quote]tags
plugin.tx_mmforum_pi1.checkQuotation =
- ignore
- repair (the solution in the patch)
- doNotReplaceFaults (the other suggestion from above)
So, I will not insist on my patch, but I'll try to get a solution with you, that could solve this problem ;)
Regards, Christian
Updated by Christian Futterlieb 9 months ago
- I did not miss the name of the quoted person, take a look at the pattern in line 450 of the patch
- I do not want to force a stupid point-by-point solution, that does not respect a bigger context. Therefore I'd be surely very happy to see the issue with handling senseless user-input solved!
Regards, Christian
Updated by Ines Willenbrock 9 months ago
Sorry, I overlooked the lines 450 and 451.
I've actually asked Martin Helmich to have a look at this one, too, as I'm a bit unsure, how to handle the whole bbcode translation best.
regards - Ines