Deleted expletives - bad form or simply an emoti-con?

gomedia · 2014-07-08 09:55:29

How much fun can you have with TXP form names? Quite a bit actually.

These are all accepted as valid:

00
1
0a
_asd

More amusingly (or worryingly) these also:

Holy Cr@p
Sh!t
\
/
1+1=2
[]{}()
!@#$%^*()_+
|;-)
((d[-_-]b))

These aren’t (in true PHP tradition):

0
whitespace

It should be noted that the Form page chucks an SQL wobbly when saving “\”:

General error Textpattern Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"\"' at line 1 on line 95

So the question is … is Textpattern being too permissive?

Answers on a postcard (polite only please).

Bloke · 2014-07-08 10:36:49

gomedia wrote #281995:

How much fun can you have with TXP form names?

Ahem. Probably should do some sanitization there :-$

I don’t have a problem with 00, 1, 0a or _asd. For that matter, 0 should probably be allowed if we make sure that strict equality checks are performed.

But all the others with symbols should be dumbed down or sanitized, imo. Putting spaces in Form names works and I’d be tempted to permit those since we force attributes to be quoted. But whitespace on its own should be outlawed!

It should be noted that the Form page chucks an SQL wobbly when saving “\”:

Eeek, thanks for the report. Will fix.

gomedia · 2014-07-08 10:54:29

Yep, :-$ works too!

Sorry, Stef … didn’t mean to open a can of worms.

Bloke · 2014-07-08 11:04:45

gomedia wrote #281998:

didn’t mean to open a can of worms.

No apology necessary. It’s a defect. It shall be dealt with and converted to, ummm, what’s the antithesis of a defect? A ‘fect’ mght be appropriate given the thread topic :-p

Textpattern CMS

Textpattern CMS support forum

#1 2014-07-08 09:55:29