| Summary | Censorship filter can be bypassed by enclosing swears in hyperlink | OOP Censorship filter |
| Affects Version/s | | 2.0 [ 10122 ] |
| QA Assignee | | stronk7 |
| Affects Version/s | 1.7 [ 10120 ] | |
| Affects Version/s | 1.9 [ 10190 ] | |
|
Description
|
Students at our school figured out they could swear if they put the word within a hyperlink - e.g.
<a href='#'>SwearWord</a>
I've fixed this and also improved the censorship title so that only admins can see what the original word was.
Currently the word is blacked out but if you hover over it you can see the swear.
With my mod, hovering over the blacked out swear will show 'censored!' unless you are an admin user.
Obviously, this could be further improved to work from a capability rather than just a legacy check for isadmin()
|
1) OOP formats, making them pluggable (this is apart but could be a good idea for 2.0)
2) OOP filters
3) Allow each filter to alter the md5key generated, via a filter method. filter->hash() will return a unique string; the results for this could be something like, in this example: "censor:seecensoredwords" for users having the capability, or: "censor:" for the rest. Note that adding this info to the hash sounds nice because it automatically invalidates records when filters are changed, and that isn't happening right now.
4) Make the rest of format_text() and format_string() work as now, but using that "custom" $md5key that contains all the particularities of the text being formatted.
This improvement will help fix this bug:
> Students at our school figured out they could swear if they put the word within a hyperlink - e.g.
> <a href='#'>SwearWord</a>
|
| Affects Version/s | 1.8 [ 10130 ] | |
| Affects Version/s | 1.6 [ 10110 ] | |
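The cache-key idea in step 3 of the new description, as an added sketch that is not Moodle's code: each filter contributes a `hash()` string to the md5 key, so text rendered for a user who may see censored words is never served from cache to one who may not. The names `TextFilter`, `CensorFilter` and `render_cached()`, the `censored` CSS class and the sample word list are hypothetical; PHP 8 is assumed.

```php
<?php
// Added illustration; class and function names are hypothetical, not Moodle's API.

interface TextFilter {
    public function hash(): string;               // this filter's contribution to the cache key
    public function filter(string $text): string; // the actual transformation
}

final class CensorFilter implements TextFilter {
    /** @param string[] $badWords */
    public function __construct(private array $badWords, private bool $canSeeCensored) {}

    public function hash(): string {
        // The two strings proposed in the description.
        return $this->canSeeCensored ? 'censor:seecensoredwords' : 'censor:';
    }

    public function filter(string $text): string {
        foreach ($this->badWords as $word) {
            $pattern = '/\b' . preg_quote($word, '/') . '\b/i';
            $text = preg_replace_callback($pattern, function (array $m): string {
                // Only privileged viewers get the original word in the hover title.
                $title = $this->canSeeCensored ? htmlspecialchars($m[0], ENT_QUOTES) : 'censored!';
                return '<span class="censored" title="' . $title . '">**</span>';
            }, $text);
        }
        return $text;
    }
}

/** Render $text through $filters, caching under a key that includes every filter's hash(). */
function render_cached(string $text, array $filters, array &$cache): string {
    $parts  = array_map(fn(TextFilter $f) => $f->hash(), $filters);
    $md5key = md5($text . '|' . implode('|', $parts));
    if (!isset($cache[$md5key])) {
        $cache[$md5key] = array_reduce($filters, fn($t, TextFilter $f) => $f->filter($t), $text);
    }
    return $cache[$md5key];
}

$cache = [];
$post  = 'That test was darn hard'; // constructed sample input
$words = ['darn'];                  // constructed word list

// Admin renders first; without hash() in the key the student would get this cached copy.
echo render_cached($post, [new CensorFilter($words, true)],  $cache), PHP_EOL;
echo render_cached($post, [new CensorFilter($words, false)], $cache), PHP_EOL;
echo count($cache), " cache entries", PHP_EOL;
```

Dropping the `hash()` parts from `$md5key` makes both calls share one cache entry, so the second viewer receives whichever rendering was cached first.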