fpgroups (was: Re: qualifier)
fp at casabellagallery.com
Tue Jul 31 20:27:57 PDT 2007
Mark posted
[ snip ]
>
> Shameless, Jose, shameless! :)
>
> It has to be done sometimes, though... *smile*
>
The time is now my man!
> As a practical note, it's not generally wise to pop the password back onto
> the screen when signing people up, mate. Security no-no. And it's
> "immediately", not "inmidiately" on the code snippet return page.
>
The input fields are set as type="password". I have tested it with both
FF and IE and I get ****** every time. Which browser are you using?
> I like the new reface you've done on it. Much more professional looking,
> Jose. Good job!
Thanks! Trying to keep it lightweight using CSS and some JS
>
> Oooh...nasty! I just looked at my code in the submitted form. It starts
> off fine enough. Then later on your code displays a basic shortfall in
> that it does not escape special entities. Thus, my embedded HTML in my
> snippet causes your display to -break- entirely. That's not my fault, it's
> in your display code. Start spitting out > as &gt;, < as &lt;, " as &quot;
> and the like. If you don't filter special characters, not only are you
> opening yourself to broken visibility issues, but XSS.
>
I know, I am having problems with my layers (DIVs) and keeping text under a
hard wrap to keep it from flowing beyond its intended boundaries. I will
get to it later ...
> It's ironic, as you caught ^A on colons but missed SGML syntax characters.
>
> Well, when you fix it, the code I posted will be 100% readable. :)
>
> Being able to edit would have been a plus. Not seeing it available so
> far, nor can I delete my own snippet. Nor is the posted by or posted
> date actually displayed.
>
I like to avoid redundancy and normally design tables to later link them
when queries are run. I also wonder if I should allow posting ONLY to
registered members or all visitors. This is why I have not completed
those two fields - The code is there, behind the scene, but commented out.
> And displaying the email addresses as mailto: anchors...also a bad idea.
> Might look into displaying them as plaintext and obfuscated (ie., fpgroups
> [at] fairlite [dot] com), or possibly going to the lengths of having
> them rendered by the GD extensions to PHP. You're creating a nice spam
> aggregator. I can toss fpgroups0..infinity at it if things get unruly and
> I need to reroll new addresses, but others don't have that luxury.
>
I agree! I will look into having this fixed ASAP ... Privacy is critical and
I will do whatever possible to keep intruders from exploiting this.
> Tip: Work out the major details before plugging things. You generally
> only get a few free shots--make them count for as much as they can!
>
> No offense, man...just trying to help.
>
None taken. I know it is not complete nor really ready for the masses but I
am so excited about this I can't wait.
Hey, I am honored to see you JOIN and I tell you, it is a different feeling
when one can put a face to the person on the other side.
As per the ability to edit, remove, etc. I have those things in my TO DO list.
I am planning on adding a SUGGESTIONS link where people can contribute with
the TO DO list. Comments such as those you posted here belong in a SUGGESTION
box.
Thank you very much for taking the time!
Jose Lerebours
PS: Great smile!!!
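
The two fixes Mark suggests above (escaping special characters when a snippet is displayed, and showing addresses as obfuscated plain text instead of mailto: anchors), sketched in PHP as an added example. This is not code from the thread or from the site being discussed; the function names and the sample input are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not the site's actual code.

/** Render a user-submitted snippet so markup inside it is shown, not interpreted. */
function render_snippet(string $title, string $code): string
{
    // ENT_QUOTES escapes both " and ' so values are also safe inside attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $safeTitle = htmlspecialchars($title, $flags, 'UTF-8');
    $safeCode  = htmlspecialchars($code, $flags, 'UTF-8');

    // <pre> preserves the snippet's own line breaks and indentation.
    return "<h2>{$safeTitle}</h2>\n<pre><code>{$safeCode}</code></pre>\n";
}

/** Show an address as obfuscated plain text rather than a mailto: anchor. */
function obfuscate_email(string $email): string
{
    $text = str_replace(['@', '.'], [' [at] ', ' [dot] '], $email);
    // Escape after the substitution: the address is user-supplied too.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input: a snippet that itself contains HTML and a script tag.
$title = 'Menu <b>demo</b>';
$code  = "<div class=\"menu\">\n  <script>alert(1)</script>\n</div>";

// The escaped output displays the tags as text; the page layout stays intact
// and the script element is never parsed by the browser.
echo render_snippet($title, $code);
echo '<p>Posted by: ' . obfuscate_email('user@example.com') . "</p>\n";
```

Escaping belongs at output time, in every place the stored value is written into HTML, so the snippet is kept unmodified in the database and stays readable once displayed.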