SMF bug 4905 (signature length verified before preparsecode)

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
To clarify: preparsecode will do some operations to any bbcode to sanitise it (like strip 'html' bbcode from non admins), but it will also do expansions on things like /me and reformat certain URL type bbcodes to use full URLs.

This is a particularly tricky situation - because while a signature may be shorter than the limit, by the time it's preparsed it will may well go over the limit - and it may prevent subsequent saves to the signature too (if for example a URL is expanded, and it goes from limit - 1 to over the limit, you won't be able to save that signature even unchanged), and that's before we get into the realms of dealing with the line breaks becoming br tags.

What we might have to do is move the preparsecode before the length test, but proceed to flatten line breaks to a single character for the purposes of fairness.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

Nao

  • Dadman with a boy
  • Posts: 16,068

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278

Nao

  • Dadman with a boy
  • Posts: 16,068
Re: SMF bug 4905 (signature length verified before preparsecode)
« Reply #3, on March 1st, 2012, 10:16 PM »
If people want to limit the number of images in a signature, a size limit isn't gonna cut it -- after all they can use shortlinks. They'd rather see a limitation in the number of tags, then... Or better, a limitation in the number of links, images and media items. Why not... Then again, there are also people who like ensuring their signatures are, at the same time, as short and compact as possible, and as informative as they want them to be -- i.e. a list of links inside small icons, like your own sig.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278

Nao

  • Dadman with a boy
  • Posts: 16,068

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: SMF bug 4905 (signature length verified before preparsecode)
« Reply #6, on March 1st, 2012, 11:18 PM »
That particular page is proper admin settings, which I don't have.[1] Besides, there is something quite *nice* about having limits to work within, brings out the optimiser in me.


The best solution, really, to this problem says to me that a rethink of "what the aim of sig bbc options is there for" might be necessary.

What purpose is it trying to solve?
  Well, it's trying to solve signature abuse with mashups of horrendous markup.

What purpose does the signature length have?
  It prevents people from having obscenely large signatures.

In that respect, the setup is mostly fine as it is, that it's not the intent that's at fault, but the execution. But there's a side effect to the signature length - it also limits how many links and so on.

Do we want to limit the number of links that can be in a signature? Or number of images?
  Could be interesting but it's also a can of worms because that implies things like per-group settings. (Though, having regular members/moderators/admins as divisions seems quite sane to me. But even then I can imagine sites wanting to give out 'extra links' as a premium member perk)

Would/should we get rid of bbc choices?
  I'm inclined to leave it alone, for one reason: it does prevent people making lists and tables in signatures if the admin so chooses, which can be good from a formatting point of view.
 1. And before anyone gets confused why I don't have full admin access, it's simply because I don't need full admin to do what I do, and I'm a *huge* fan of not having more permissions than I actually need.
Re: SMF bug 4905 (signature length verified before preparsecode)
« Reply #7, on March 10th, 2012, 01:50 PM »
There's an interesting suggestion been made, that the preparsing essentially should happen twice.

What I'm thinking it might be simpler to do is perform the expansions that would normally occur, then do validation on length, so not quite full preparsing. Mind you, it does depend a lot on the comments about, about what signatures 'need'.

Nao

  • Dadman with a boy
  • Posts: 16,068

emanuele

  • Posts: 125
Re: SMF bug 4905 (signature length verified before preparsecode)
« Reply #9, on March 14th, 2012, 01:02 AM »
ohh...that would make sense...

Code: [Select]
}

preparsecode($value);
// Too long?
if (!allowedTo('admin_forum') && !empty($sig_limits[1]) && $smcFunc['strlen'](str_replace('<br />', "\n", $value)) > $sig_limits[1])
{
$_POST['signature'] = trim(htmlspecialchars(str_replace('<br />', "\n", $value), ENT_QUOTES));
$txt['profile_error_signature_max_length'] = sprintf($txt['profile_error_signature_max_length'], $sig_limits[1]);
return 'signature_max_length';
}
return true;
}
Not even necessary to shorten it (javascript will take care of this aspect :P).

Missing a check for the admin somewhere.

live627

  • Should five per cent appear too small / Be thankful I don't take it all / 'Cause I'm the taxman, yeah I'm the taxman
  • Posts: 1,668
A confident man keeps quiet.whereas a frightened man keeps talking, hiding his fear.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278

Nao

  • Dadman with a boy
  • Posts: 16,068
Re: SMF bug 4905 (signature length verified before preparsecode)
« Reply #12, on May 17th, 2012, 12:06 PM »
Hey emanuele, since I see you're online -- hope you didn't miss my SMF/Wedge bug fix related to this feature ;) (i.e. a regex was missing the 'global' modifier and as a result it incorrectly calculated the size.)

emanuele

  • Posts: 125

Nao

  • Dadman with a boy
  • Posts: 16,068