New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ticket/13934] Add enctype clause for profile fields #3733
Conversation
Adds a template variable (the same) in all places where profile fields may need an enctype clause in the corresponding forms. PHPBB3-13934
@@ -17,7 +17,7 @@ | |||
</div> | |||
<!-- ENDIF --> | |||
|
|||
<form id="add_profile_field" method="post" action="{U_ACTION}"> | |||
<form id="add_profile_field" method="post" action="{U_ACTION}"{S_FORM_ENCTYPE}> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use <!-- IF ... --> {S_FORM_ENCTYPE}<!-- ENDIF -->
all the places.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why? This is not the way it is done elsewhere in phpbb...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because it is a clearer and better way of doing this. You should be able to use <!-- IF S_FORM_ENCTYPE is defined and S_FORM_ENCTYPE is not empty --> {S_FORM_ENCTYPE}<!-- ENDIF -->
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Examples of usage in other areas of phpbb. And there are a lot more, and none like what you propose.
I don't understand why this would be any different. I prefer consistency across the phpbb software.
https://github.com/phpbb/phpbb/blob/3.1.x/phpBB/styles/prosilver/template/ucp_profile_profile_info.html#L3
https://github.com/phpbb/phpbb/blob/3.1.x/phpBB/styles/prosilver/template/posting_layout.html#L24
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the enctype
attribute as well to the template. If you are bothered by the inconsistency of the template files, please feel free to send a patch for those as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's what you wrote, though... ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
needs a space after the quote too
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not if used as in other places, see links above. The space is supposed to be included in the template var. But it may be safer if included again here...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont really understand the problem. If something is undefined, using it like above will just be fine. It will be false or whatever and not causing any output. So it has the same result.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just hate HTML in the backend, it should not have got there in the first place.
@@ -1,4 +1,4 @@ | |||
<form id="user_profile" method="post" action="{U_ACTION}"> | |||
<form id="user_profile" method="post" action="{U_ACTION}"{S_FORM_ENCTYPE}> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
space?
I have been looking at current phpbb 3.1.5, to identify all CURRENT uses of enctype, and these are my findings:
Prosilver templates:
PHP code:
What I have not been able to see is the amount of extension that make use of such variables; I don't know if it is difficult for you to run such a query, at least among the validated extensions. With all of this, my proposal and preferences are as follows:
If you all agree that introducing the initial space in the templates and removing it from the PHP files is better, someone please open a separate ticket, and I will be happy to provide a PR for that, and will update this to include the space here, as I agree this could be error prone, and even, source of potential security exploits (by appending text to the URL that is in front), and no extension should be using it anyway (at least not cleanly). If this needs to be changed further, like updating existing uses either in ACP or in prosilve to use conditionals surrounding them, I would suggest that it goes through an RFP process in Area51 AND Extension Writers forum, as this will definitely break a number of existing or in development extensions. It might not be a bad idea, but we need to know the impact of such a change before implementing it, as it is heavily non-backwards compatible. Please, advise on what to do next. |
The patch looks fine to me, when the variables are properly set in the corresponding php files. |
Could anyone please review this further, so that it can be either accepted or rejected? |
[ticket/13934] Add enctype clause for profile fields * javiexin/ticket/13934: [ticket/13934] Add enctype clause for profile fields
thanks for your contribution |
Adds a template variable (the same) in all places where profile fields
may need an enctype clause in the corresponding forms.
PHPBB3-13934