Ticket #1245 (new defect)

Opened 19 months ago

Last modified 14 months ago

Atom Handler needs better View vs. Edit Distinction for APP

Reported by: lildude
Owned by:
Priority: major
Milestone: 0.8
Component: Habari Core Software
Version: SVN
Keywords: filter atom comments confirmed
Cc: michaeltwofish

Description

In a bid to enhance the Markup plugin for use with comments (i.e., allow commenters to use BBcode etc. in comments), I've discovered that the filter_comment_content_atom( $content ) in trunk doesn't seem to have any effect.

Simple usage example. Add the following to any plugin...

public function filter_comment_content_atom( $content )
{
	return 'Foo';
}

Then view the comments atom feed, either for a specific post (example.com/post-name/atom/comments) or all comments (example.com/atom/comments) and notice how the comments have NOT been replaced with "Foo".

This is inconsistent with the "post" usage scenario filter_post_content_atom( $content ) which works as expected.

filter_comment_content( $content ) and filter_atom_add_comment( $content ) have the desired effect.

Change History

comment:1 Changed 19 months ago by lildude

Looks like another PHP version specific issue.

PHP 5.2.9 works a treat.
PHP 5.2.12 does NOT.

comment:2 Changed 18 months ago by lildude

  • Summary changed from filter_comment_content_atom( $content ) called within a plugin has no effect to filter_comment_content_atom( $content ) called within a plugin has no effect on PHP 5.2.12

comment:3 Changed 16 months ago by rickc

Using PHP 5.2.12, lighttpd, and an sqlite backend I can't reproduce this. The filter replaces the comment content as it should. Looking at the code, filter_post_content_atom and filter_comment_content_atom use essentially the same code, so I'm unclear about how one could work and not the other.

comment:4 Changed 16 months ago by chrismeller

  • Keywords confirmed added

This bug would happen on any version of PHP. The determining factor is whether you are logged in to Habari or not.

AtomHandler.php:232

$content = ( $this->is_auth() ) ? Utils::htmlspecialchars( $comment->content ) : Utils::htmlspecialchars( $comment->content_atom );

The point here is supposedly to return the 'raw' un-filtered comment content if you are editing a comment over APP. We determine whether you are editing by whether you are logged in (->is_auth()).

In is_auth() we first User::authenticate() you with the HTTP username and password that are provided (if they exist), then call User::identify() to get back the current user object to optionally return a 401 or not.

If you are logged in to Habari, User::identify() will still return the session-based information for your logged in session. This causes the AtomHandler to return raw content instead of filtered content for comments and posts.

Since AtomHandler handles APP as well as regular atom feeds, this would apply to both situations.

This could easily be fixed by only conditionally calling User::identify(), but that's not a *real* fix. The edit vs. view distinction needs to be made in a better way (simply being logged in does not mean you're editing - you could be viewing a feed on your own site or simply viewing comments via APP in a desktop editor to make sure you don't have any spam hanging out).
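
The decision described in comment:4, modelled as an added stand-alone example (not Habari code and not part of the ticket). The request array, the helper names and the sample data are hypothetical; `is_auth_current()` is a simplified reading of the is_auth() behaviour described above, and `is_auth_http_only()` is the conditional-identify stopgap that the comment mentions.

```php
<?php
// Stand-alone model of the content choice at AtomHandler.php:232; not Habari code.
// All function names and the request array layout are hypothetical.

// Constructed plugin filter, same shape as the 'Foo' example in the description.
function filter_comment_content_atom($content) { return 'Foo'; }

// A request as the handler sees it: optional HTTP credentials (an APP client)
// and an optional browser session for a logged-in user.
function make_request($http_user, $session_user) {
    return array('http_user' => $http_user, 'session_user' => $session_user);
}

// Behaviour described in comment:4: whoever can be identified, including a user
// known only through the session, counts as authenticated and so as "editing".
function is_auth_current(array $req) {
    $user = ($req['http_user'] !== null) ? $req['http_user'] : $req['session_user'];
    return $user !== null;
}

// Stopgap from comment:4: only credentials sent with this request count.
function is_auth_http_only(array $req) {
    return $req['http_user'] !== null;
}

// Raw content when "editing", filtered content otherwise, then escaped.
function feed_content($raw, $is_editing) {
    $content = $is_editing ? $raw : filter_comment_content_atom($raw);
    return htmlspecialchars($content);
}

$raw = '[b]hello[/b]'; // constructed comment body
$cases = array(
    'anonymous feed reader'        => make_request(null, null),
    'logged-in admin viewing feed' => make_request(null, 'admin'),
    'APP client listing comments'  => make_request('admin', null),
);

foreach ($cases as $label => $req) {
    printf("%-30s current=%-14s http-only=%s\n", $label,
        feed_content($raw, is_auth_current($req)),
        feed_content($raw, is_auth_http_only($req)));
}
```

The logged-in viewer row reproduces the reported symptom and is corrected by the stopgap. The APP client row still receives unfiltered content under both checks, because neither check knows whether the client is viewing or editing.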

comment:5 Changed 16 months ago by michaeltwofish

  • Cc michaeltwofish added

comment:6 Changed 16 months ago by chrismeller

  • Summary changed from filter_comment_content_atom( $content ) called within a plugin has no effect on PHP 5.2.12 to Atom Handler needs better View vs. Edit Distinction for APP

comment:7 Changed 14 months ago by chrismeller

  • Milestone changed from 0.7 to 0.8