Re: [Savannah-hackers] mtpchat2 full name on savannah
From: Jaime E. Villate
Subject: Re: [Savannah-hackers] mtpchat2 full name on savannah
Date: Tue, 16 Apr 2002 07:58:48 +0100
User-agent: Mutt/1.2.5i

On Mon, Apr 15, 2002 at 05:55:44PM +0200, Mathieu Roy wrote:
> This name should be changed since the "full name" on savannah is mainly
> (only ?) used on HTML pages. For example,
> <mtp&lp; chat2 !
> would do the job.

It is a bug in the sourceforge code then. The SQL tables should be allowed to
include the characters &, <, >, ", ', which should be escaped by the php
scripts before placing them into an HTML page.

Every time the php scripts access the database, they should immediately call a
function that translates those characters into HTML. That's easy to do, but if
the code is not well structured, it will have to be done in several different
scripts.

Jaime
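
One way to structure the approach described in the message above: a single function, called on each row right after it is fetched, that translates the five characters into HTML entities. This is an added example, not part of the original message and not SourceForge or Savannah code; the function names and the sample row are hypothetical.

```php
<?php
// Added example. html_escape() and html_escape_row() are hypothetical names.

/**
 * Translate & < > " ' into HTML entities so a stored value can be placed
 * into HTML text or inside a quoted attribute value.
 */
function html_escape(string $value): string
{
    // ENT_QUOTES escapes both double and single quotes (the default flags
    // before PHP 8.1 left ' untouched). ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Escape every string column of a fetched row in one place, so individual
 * page scripts do not each need their own escaping calls.
 * The result is safe for HTML output only; it must not be written back to
 * the database or reused in SQL, URLs or JavaScript.
 */
function html_escape_row(array $row): array
{
    $escaped = [];
    foreach ($row as $column => $value) {
        // Integers, NULLs etc. pass through unchanged.
        $escaped[$column] = is_string($value) ? html_escape($value) : $value;
    }
    return $escaped;
}

// Constructed sample row standing in for a record fetched from the database.
// The full name is stored raw, with all five special characters present.
$row = [
    'group_id'  => 42,
    'unix_name' => 'mtpchat2',
    'full_name' => '<mtp> chat2 & "friends" \'02',
];

$safe = html_escape_row($row);

// The same escaped value is used in element text and in a quoted attribute.
echo '<h1 title="' . $safe['full_name'] . '">' . $safe['full_name'] . "</h1>\n";
```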