fpgroups (was: Re: qualifier)

fp at casabellagallery.com
Tue Jul 31 20:27:57 PDT 2007


Mark posted

[ snip ]
> 
> Shameless, Jose, shameless!  :)
> 
> It has to be done sometimes, though...  *smile*
> 

The time is now my man!


> As a practical note, it's not generally wise to pop the password back onto
> the screen when signing people up, mate.  Security no-no.  And it's
> "immediately", not "inmidiately" on the code snippet return page.
> 

The input fields are set as type="password". I have tested it with both
FF and IE and I get ****** every time.  Which browser are you using?


> I like the new reface you've done on it.  Much more professional looking,
> Jose.  Good job!

Thanks!  Trying to keep it lightweight using CSS and some JS

> 
> Oooh...nasty!  I just looked at my code in the submitted form.  It starts
> off fine enough.  Then later on your code displays a basic shortfall in
> that it does not escape special entities.  Thus, my embedded HTML in my
> snippet causes your display to -break- entirely.  That's not my fault, it's
> in your display code.  Start spitting out > as &gt;, < as &lt;, " as &quot;
> and the like.  If you don't filter special characters, not only are you
> opening yourself to broken visibility issues, but XSS.
> 

I know, I am having problems with my layers (DIVs) and keeping text under a
hard wrap to keep it from flowing beyond its intended boundaries.  I will
get to it later ...

> It's ironic, as you caught ^A on colons but missed SGML syntax characters.
> 
> Well, when you fix it, the code I posted will be 100% readable.  :)
> 
> Being able to edit would have been a plus.  Not seeing it available so
> far, nor can I delete my own snippet.  Nor is the posted by or posted
> date actually displayed.  
> 

I like to avoid redundancy and normally design tables to later link them
when queries are run.  I also wonder if I should allow posting ONLY to
registered members or all visitors.  This is why I have not completed
those two fields - The code is there, behind the scenes, but commented out.

> And displaying the email addresses as mailto: anchors...also a bad idea.
> Might look into displaying them as plaintext and obfuscated (ie., fpgroups
> [at] fairlite [dot] com), or possibly going to the lengths of having
> them rendered by the GD extensions to PHP.  You're creating a nice spam
> aggregator.  I can toss fpgroups0..infinity at it if things get unruly and
> I need to reroll new addresses, but others don't have that luxury.
> 

I agree!  I will look into having this fixed ASAP ... Privacy is critical and
I will do whatever possible to prevent intruders from exploiting this.

> Tip:  Work out the major details before plugging things.  You generally
> only get a few free shots--make them count for as much as they can!
> 
> No offense, man...just trying to help.
> 

None taken.  I know it is not complete nor really ready for the masses but I
am so excited about this I can't wait.

Hey, I am honored to see you JOIN and I tell you, it is a different feeling
when one can put a face to the person on the other side.

As per the ability to edit, remove, etc. I have those things in my TO DO list.
I am planning on adding a SUGGESTIONS link where people can contribute to
the TO DO list.  Comments such as those you posted here belong in a SUGGESTION
box.

Thank you very much for taking the time!


Jose Lerebours

PS:  Great smile!!!
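
The two display fixes raised in the quoted review (entity-escaping submitted snippets, and showing addresses as obfuscated plain text instead of mailto: anchors), as an added example that is not part of the original message or the site's code. PHP is assumed because the thread mentions PHP's GD extensions; the function names and sample data are hypothetical.

```php
<?php
// Added example: function names and sample values are hypothetical.

// Escape a user-submitted snippet at output time, so markup inside it is
// displayed as text instead of being parsed by the browser.
function render_snippet(string $code): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of making the call return an empty string.
    $safe = htmlspecialchars($code, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<pre><code>" . $safe . "</code></pre>";
}

// Show an address as obfuscated plain text rather than a mailto: anchor.
function render_email(string $address): string
{
    $text = str_replace(['@', '.'], [' [at] ', ' [dot] '], $address);
    // Escape after the substitution: the address is user input as well.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a snippet that carries its own HTML.
$snippet = "</div>\n<b class=\"note\">bold</b> <script>alert(1)</script>";
$email   = 'user@example.com';

// Unescaped form, the behaviour described in the thread: the stray </div>
// closes the page's own layer and the script element is executed.
$unescaped = "<pre><code>" . $snippet . "</code></pre>";

echo "unescaped:\n", $unescaped, "\n\n";
echo "escaped:\n", render_snippet($snippet), "\n\n";
echo "address:\n", render_email($email), "\n";
```

Escaping belongs at output time, in the display code: the snippet is stored as submitted and stays readable once the display is fixed.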



