Recent comments
Follow us
Elk News - the email newsletter
Subscribe to the Elk RSS feed, including blog posts, pictures and videos.
Titles only
Full content
Comments aren't included in these feeds. For them you can click the RSS icon in the Recent Comments box.
Our videos at
YouTube
Add new reply
It was funny to read all your comments and process of bug hunting xD It brings back a lot of frustrating memories (hate debugging). When I started working with php I had to do this kind of debugging a lot, even today with debugging tools sometimes is the only way.
Four years ago met Python and some nice frameworks with amazing debugging tools, since then never looked back to PHP. And never used Drupal (but heard nice things about it). Because of that I cannot help a lot, because I don’t know how Drupal works, and I am very rusty in PHP. But after our conversation in facebook I had an idea, but not sure if it is possible or really works. For context, in Facebook you said:
“Ah, but how to fix the bug, I think it is drupal-spesific. I hope to find something searching their forums, and I could also try adding mere "<" into the list of allowed tags.”
1) Allowing the tag “<”, depending if Drupal have other security checks in place, can be risky, because one could insert javascript () or an iframe with risky content in the comments, compromising security (but not sure, depends on other stuff). But if the site has other security checks and it is safe, then this could be a good idea and solution disabling this filter.
One idea that should make it all ok, if possible to make (not sure, because don’t know how Drupal works), is to insert, before the filter mechanism, a piece of code that converts every “<” and “>” char in the comment, to entity format (for example, the html entity code for “<” is “<” ). This way, the “<” char would still be visible as “<” to the users when reading the comments, but internally, the filter mechanism will not recognize “<” as an html tag, because it will be in safe entity code format (“<” = “<”).
For instance, this code could make that quick, if inserted right before the code that makes the filter mechanism:
$converted_comment = htmlspecialchars("original comment", ENT_QUOTES);
Here is the document of this code: http://php.net/manual/en/function.htmlspecialchars.php
(Note: but this code also converts quotes and the “&” char to entity format (“&”), which could break something in Drupal (I am thinking in the filter that converts URL’s to html format, since some URLs can have the “&” char. So the best way and bug free would be to use the str_replace code directly instead, for example:
str_replace("<","<","original comment");
str_replace(">",">","original comment");
Code documentation here: http://www.w3schools.com/php/func_string_str_replace.asp )
PS: sorry if you know already all this and are used to PHP, I know you are very good in programming low level – Unreal World FTW – but no idea if you work with PHP so gave too many details and links)
PS2: maybe Drupal has already a plugin that one can install or an option to convert some chars to entity format.
2) Second idea: But this kind of error should not be happening in a tested CMS like Drupal, it must be specific to the filter code. I don’t know if the filter mechanism is like a plugin that one installs in Drupal, if so, try to uninstall it and install other with same functionality (I worked with Joomla in the past and it worked like this, no idea if Drupal is the same). Pr maybe the filter plugin is old, if possible maybe trying to update to newer version. In last resort, if possible (don’t know the level of accessibility of the plugin and freedom to programme directly inside Drupal), you can edit the filter mechanism code directly in it’s php file, and bug hunt the problem, it is a problem of login, since it needs an exception for when it does not find the closing tag “>” aborting the filtering. But this approach needs one to code in PHP and bug hunt the code, and that can be hard and time consuming (if you post the code of the filter mechanism I can try to help, but I don’t code in PHP for 4 years now, very rusty xD ). The first solution would be best, this is last case idea.
3) Third idea: You can post this problem in a website like http://stackoverflow.com/ It is highly probable that you already know this site. These guys are amazing, they saved my life a lot of times, it is like a social network of informatics that help solve posted questions/problems.
Sorry for the long text. Don’t know if any of this is of some help. Just tried to make a brainstorm and write every idea, in hope that it inspires a solution indirectly. In fact all this could not work, the problem could be entirely different, can be a lot of different things. If I can help with something feel free anytime.
Good luck, hope to hear good news soon :)