Follow

@clacke Thanks for the show. Your examples 6 and 7 contain: printf '%sn'. I assume you meant: printf '%s\n' (backslash n in case anything gets stripped by Mastodon). Shall I adjust it accordingly?

@clacke Doh! I just saw your Gitlab notes, and realised the answer was "yes!". Fixed - awaiting Ken's ministrations.

Aargh! Thank you for noticing. I will try to find were in my process the backslash was stripped.
@perloid Hm. My HTML source that I presumably posted has the backslash. But surely the HPR form and process can't be eating it? People must be posting bash source with backslashes in it all the time?

@clacke I think you are right, it's the form - or more likely something behind the form that's sanitising the HTML. I haven't noticed this here before, probably because people don't sent in much HTML. Much of it is plain text or a Markdown variant which I process for them.

@perloid Right, that would explain why it wasn't caught before.

@clacke I have taken it upon myself to intercept all (top level) show notes and fix them as necessary, turning them into HTML as required. This helps to prevent issues with uploading to archive.org where notes can be sanitised out of existence if they don't conform to their requirements.

@perloid Is the HPR source code up somewhere? I could have a look.

@clacke No. It's on a Gitlab server run by anhonesthost.com but access is restricted due to various policy decisions. We have to tackle this soon!

@clacke I have access and have had a look. It's PHP and I think it's the use of 'stripslashes' on the form contents. Of course, this function strips backslashes! I imagine the goal originally was to de-quote stuff that's on its way to the database, but the form data gets dropped into a file - which I post-process.

Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko