List icky wiki bugs here.

  • ickystriptags filter doesn’t ensure that allowed tags are balanced
  • combination of ickystriptags and markdown filters is causing some strings to be double-encoded
  • if an article is private and cannot be viewed by the current user, then that article’s comments should be private as well.
  • the “Compare” button on the diff page is disabled until a version is selected. this is fine unless the user selects a version and then reloads the page, because firefox will keep the radio button checked without actually notifying the DOM. there may be no fix for this.
  • article titles can include opening HTML tags (though not closing tags, due to the forward-slash restriction in titles), causing all sorts of trouble
  • diff mode allows version IDs belonging to a different article to be specified — mostly harmless, but can be used to circumvent viewing permissions
  • diff mode should raise an error if a nonexistent version ID is specified
  • the ickystriptags filter completely fucks some markup — see feed hassles
    • crude fix for this: instead of running php’s strip_tags(), entity-encode all text and then unencode allowed tags
  • all HTML except for ins, del, and br is stripped out — but this is not 100% safe, because the PHP strip_tags() function that I’m using doesn’t strip unsafe attributes like onmouseover and style: <ins onmouseover=”alert(‘boo!’);”>for example, this should cause an alert to pop up when you move the cursor over it
  • since markdown uses the underscore character to delimit italics, a literal underscore has to be escaped with a backslash — but PHP strips them out! so you have to escape underscores with double backslashes — and then remember to always use them when editing an article, because they always get stripped out! fuck
  • I don’t know how I never noticed this before, but the wikify() function can fail to correctly make wiki links due to a greedy regular expression (here’s an example: SNF blah blah bugs)
  • you can edit an article from an old version, which might encourage users to actually lose content fixed by adding warning when viewing old article version — anyway, this is the way to do reverts
  • user can inadvertantly revert articles under the following scenario:

    1. User A loads article
    2. User B loads article
    3. User B edits article
    4. User A edits article without first reloading

    in this scenario, User A will be working with an old article version, but will not be warned as he usually would be.

    one solution would be to add an xmlhttp call to check the latest article version id when the edit button is clicked…

    article locking would also fix this.

  • changing a version URL to point to a version that does not exist for that article causes the wrong article content to display
  • article modification date isn’t being saved (but maybe i should just use the date of the last article version instead)
  • can’t edit existing article if javascript is disabled
  • some CSS/Javascript paths are hard-coded
  • need to disallow slash characters in article names
  • dates are in pacific time, unlike every single SNF reader
  • articles that begin with non-ASCII characters cause the wiki index to flip out (this is caused by the use of the PHP function strtoupper()… a multibyte aware version of this function is available, but is not available by default — i’ll bug Dreamhost about this)
  • non-ASCII characters throw off the alphabetical ordering of the wiki index (this is because MySQL isn’t returning correctly sorted results)
  • using a non-ASCII character that looks exactly like an ASCII character but is actually a distinct glyph will cause the index to appear to contain duplicate nodes (I won’t be fixing this)
  • something is causing article saves to return status=-2, though everything seems to be OK
  • cancel button doesn’t really work from a preview page
  • the wikilink i18n is interpreted as opening markup for italics; probably an issue with the BBCode parser
  • leading and trailing spaces in article titles should be stripped (for example: bugs )
  • diff controls on history pages don’t work in IE 7
  • the caterpillars are inching backwards and spelling curse words

See also: TODO

[ article last updated 2006-04-28 11:00:27 by cobra libre ]