[drupal-docs] migration guidelines thinko?
Gabor Hojtsy
gabor at hojtsy.hu
Sun Sep 4 16:03:23 UTC 2005
>> --------------
>> In general you will want to use check_markup($text, $format, TRUE) prior
>> to validating or saving the $text and use check_markup($text, $format,
>> FALSE) when viewing the $text. In some cases, especially if you are
>> using filters which include PHP code, you probably want to call
>> check_markup($text, $format, FALSE) in the latter case too.
>> --------------
>
> That last sentence doesn't make sense to me.
>
> You want to use $check = TRUE just before rendering content (using the
> filter system) that is potentially unsafe (eg. all content that isn't
> saved yet).
Well, this is why I asked, maybe I am confused, or the matter is
confusing? You should not use TRUE "just before rendering", since TRUE
implies that the current user is the submitter (ie. permission of the
current user is checked), so if the content is displayed later, it
should not be checked with TRUE, or some low privilege user would not be
able to see a PHP parsed page for example. This is why I don't
understand what was the intention of the last sentence.
Goba
More information about the drupal-docs
mailing list