MyBB Community Forums

Full Version: [F] HTML in forum names in 1.4.8 [C-Chris W B.]
In 1.4.8, inc/functions.php was changed with this result:

[attachment=14496]

If the htmlspecialchars is necessary, maybe add strip_tags() so the tags in the navigation do not show up? It's done the same way for the forum jump menu I think.

I think it would be a lot cleaner if no HTML was allowed in forum names in general (and instead offer formatting options like how it's done for user names / groups), but that would break backward compatibility I guess...

Related to this is the special character (for example &) case... putting & in the Forum name is invalid HTML, putting &amp;amp; in it makes it a valid &, however with htmlspecialchars it will show up as &amp;amp; again...

Attaching some screenshots of current behaviour

admincp
[attachment=14497]

admincp 2
[attachment=14498]

forumdisplay
[attachment=14499]

forumjump
[attachment=14500]

index
[attachment=14501]

usercp
[attachment=14502]
See: http://community.mybboard.net/thread-50291.html

The second part (the forumdisplay one) somehow didn't get committed (I could have sworn I did!), so that's a slight problem.

I really don't think HTML should be in forum names. If a user puts in "My & Forum", we should be outputting it as "My &amp;amp; Forum".

strip_tags() on forum edit/create could be a good idea...
Ah, sorry, I have missed that existing bug report. Feel free to merge threads or something.

In the screenshots above the forum name should always show up in the same fashion but currently it's sometimes "<i>My &amp; Forum</i>", sometimes "My &amp; Forum", sometimes "My &amp; Forum", and sometimes "My & Forum". That's at least four different interpretations for one forum name - I haven't tested if and how it shows up in subscription emails.

If you want HTML in forum names, you should probably use only strip_tags(), and not htmlspecialchars(), wherever you need the clean forum name. Since if the forum name is HTML, the special chars already have to be given in &amp; notation by the user.

This would show "My & Forum" wherever HTML is allowed, and "My & Forum" wherever HTML is stripped.

However when you actually need plain text (for example when the forum name should show up in a notification text mail), you'd then have to go one step further and convert the &...; character definitions to their original plain text characters, i.e. use unhtmlchars() if such a thing exists.

If you use both strip tags and htmlspecialchars, that won't work right, since a string can't be both HTML and not HTML at the same time.
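
The three output contexts discussed in the post above, as an added example that is not part of the original thread and is not MyBB code. It assumes forum names are stored as HTML; the function names and the sample value are hypothetical, and PHP's html_entity_decode() stands in for the "unhtmlchars()" the post asks about.

```php
<?php
// Added example; helper names are hypothetical, not MyBB functions.
// Assumption: forum names are stored as HTML, so "&" is stored as "&amp;".

// Context 1: HTML is allowed (e.g. forum index). Output the stored value as is.
function forum_name_html(string $stored): string
{
    return $stored;
}

// Context 2: HTML page, but no markup wanted (e.g. breadcrumb, forum jump).
// Tags are removed; entities stay encoded, so the result is still HTML text.
function forum_name_html_text(string $stored): string
{
    return strip_tags($stored);
}

// Context 3: plain text (e.g. notification e-mail).
// Strip the tags first, then decode entities back to literal characters.
function forum_name_plain(string $stored): string
{
    return html_entity_decode(strip_tags($stored), ENT_QUOTES, 'UTF-8');
}

// The mismatch from the thread: escaping a value that is already HTML.
function forum_name_double_escaped(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

$stored = '<i>My &amp; Forum</i>'; // constructed sample value

$expected = [
    'forum_name_html'           => '<i>My &amp; Forum</i>',
    'forum_name_html_text'      => 'My &amp; Forum',
    'forum_name_plain'          => 'My & Forum',
    'forum_name_double_escaped' => '&lt;i&gt;My &amp;amp; Forum&lt;/i&gt;',
];

foreach ($expected as $fn => $want) {
    $got = $fn($stored);
    if ($got !== $want) {
        throw new RuntimeException("$fn returned unexpected output: $got");
    }
    printf("%-26s %s\n", $fn, $got);
}
```

strip_tags() removes tags but does not escape quotes, so its output belongs in element text, not in attribute values.
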
(2009-06-29, 08:19 AM)Tomm M Wrote: See: http://community.mybboard.net/thread-50291.html

The second part (the forumdisplay one) somehow didn't get committed (I could have sworn I did!), so that's a slight problem.

I really don't think HTML should be in forum names. If a user puts in "My & Forum", we should be outputting it as "My &amp; Forum".

strip_tags() on forum edit/create could be a good idea...

If html is allowed in forum names right now, then it should stay that way - Because of the way the breadcrumb works, we can't selectively allow forum names because the only information that is passed to the breadcrumb function is the breadcrumb text itself. It doesn't know if it's a thread name to htmlspecialchar_uni or a forum name to allow through.

Either way, you'd be screwing up a lot of people and there would be plenty of complaints if you were to remove html in forum names right now.
In that case, revert the change to ./inc/functions.php? (http://community.mybboard.net/thread-50291.html).
In that case, I think the better fix is just an ampersand replacement & with &amp;
Thank you for your bug report.

This bug has been fixed in our internal code repository. Please note that the problem will not be fixed here until these forums are updated.

With regards,
MyBB Group