[development] t() placeholder changes in HEAD
Derek Wright
drupal at dwwright.net
Sun Aug 20 18:25:06 UTC 2006
On Aug 18, 2006, at 5:39 AM, Morbus Iff wrote:
> I'd like to know the reasoning/discussion behind using the existing
> % for the least obvious (theme_placeholder) and the new and
> entirely unknown @ for the most obvious (check_plain).
in case anyone's confused about this, theme_placeholder() calls
check_plain() for you, so from a security perspective, the 2 are
equivalent. the only real difference is '%' (theme_placeholder) will
wrap your string in <em> whereas '@' (check_plain) won't.
i'm fine with this change to t(), but once again, i must object to
the rather insane combinations of layers of drupal code that might or
might not call check_plain() or otherwise sanitize your output for
you. :( no wonder it's hard for developers to write secure code,
correct code. for the life of me, i can't figure out the reasoning
behind (and therefore have any intuition about) what functions
sanitize my output and which ones don't.
theme_* sometimes does
format_* often does
check_* always does
l() and url() do
...
how are we supposed to keep this stuff straight? from brute-force
repetition of reading api.drupal.org, i can kind of remember now how
to do it right, but it's a waste of time and energy, and the whole
system is *highly* error prone. there are probably dozens of places
that end up sanitizing twice, due to confusion about what
function does the cleaning, and people erring on the side of "better
safe than sorry" (for example, see
http://drupal.org/node/79611#comment-126559).
it's way too late in the dev cycle for this, but i'd cast a large
vote for a much more coherent way of handling output conversion and
sanitizing in the next core API.
thanks,
-derek
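The placeholder behaviour described in the message above, as an added
illustration that is not part of the original post and not Drupal core
code: check_plain() and theme_placeholder() are re-implemented here in
their documented form (htmlspecialchars() with ENT_QUOTES, with
theme_placeholder() adding the <em> wrapper), and t_model() is an
assumed, cut-down stand-in for t() that keeps only the prefix handling
and drops translation lookup. It shows that '@' and '%' are equally safe
and differ only in markup, that '!' is verbatim, and what the
"sanitize twice" mistake actually produces.

```php
<?php
// Added example, not Drupal core: a minimal model of t() placeholder
// handling, enough to see '@' vs '%' vs '!' and the double-escaping trap.

function check_plain($text) {
  // Encodes <, >, &, " and ' so the string is inert when output as HTML.
  // (Core's version also validates UTF-8; omitted here for brevity.)
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

function theme_placeholder($text) {
  // Sanitizes exactly like check_plain(), then adds emphasis markup.
  return '<em>' . check_plain($text) . '</em>';
}

function t_model($string, array $args = array()) {
  // Assumed stand-in for t(): same prefix dispatch, no translation lookup.
  foreach ($args as $key => $value) {
    switch ($key[0]) {
      case '@':  // sanitized, no markup
        $args[$key] = check_plain($value);
        break;
      case '!':  // inserted verbatim: the caller must have sanitized it
        break;
      case '%':  // sanitized and wrapped in <em>
      default:
        $args[$key] = theme_placeholder($value);
        break;
    }
  }
  return strtr($string, $args);
}

// Constructed hostile input standing in for a user-supplied value.
$name = '<script>alert(1)</script> & "Co."';

$at      = t_model('Hello @name', array('@name' => $name));
$percent = t_model('Hello %name', array('%name' => $name));
$bang    = t_model('Hello !name', array('!name' => $name));

// '@' and '%' both neutralize the markup; they differ only by the <em>.
assert($at      === 'Hello &lt;script&gt;alert(1)&lt;/script&gt; &amp; &quot;Co.&quot;');
assert($percent === 'Hello <em>' . check_plain($name) . '</em>');
// '!' passes the script tag straight through: XSS if $name is untrusted.
assert($bang === 'Hello ' . $name);

// The "better safe than sorry" mistake: pre-escaping a value that '@'
// will escape again does not add safety, it mangles the output.
$double = t_model('Hello @name', array('@name' => check_plain($name)));
assert(strpos($double, '&amp;amp;') !== false);   // & became &amp;amp;
assert(strpos($double, '&amp;lt;') !== false);     // < became &amp;lt;

printf("@: %s\n%%: %s\n!: %s\ndouble: %s\n", $at, $percent, $bang, $double);
```

Run with `php example.php`; the last line of output shows the visible
"&amp;amp;" garbage that results from calling check_plain() on a value
that is then handed to an '@' placeholder, which is the symptom of the
double-sanitizing the post describes.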