LOGIC Blog


LOGIC

Forum Replies Created

Viewing 15 replies - 1 through 15 (of 53 total)


May 12, 2017 at 2:03 pm LOGIC

Testing

May 12, 2017 at 9:53 am LOGIC

bla bla

May 12, 2017 at 7:42 am LOGIC

Hi,

I’m going to mark this ticket as solved. In case there’s anything else you’d like to know, please let us know and we’ll be happy to help!

May 11, 2017 at 6:24 pm LOGIC

test

May 11, 2017 at 2:48 pm LOGIC

yes

May 10, 2017 at 10:30 pm LOGIC

werwerwer

May 10, 2017 at 10:30 pm LOGIC

sddfs

May 10, 2017 at 6:41 pm LOGIC

Why can’t I use a wygwam editor here?

February 16, 2017 at 10:27 am LOGIC

XSLT can be bulky to manage, and essentially adds an extra programming language that developers would have to work in (at least if I understand your description correctly). My experience has been that relatively few people know it, and even fewer can make it do what they want.

February 16, 2017 at 10:25 am LOGIC

Seeing it is tagged PHP, either

string ucfirst ( string $str );

to uppercase the first letter of the first word

or

string ucwords ( string $str );

to uppercase the first letter of every word.

You might want to use those in combination with

string strtolower ( string $str );

to normalize all names to lower case first.

February 16, 2017 at 10:24 am LOGIC

Since you are already using Smarty, you may want to consider the PEAR package HTML_QuickForm (this page says it’s being replaced by v2, but that’s still in alpha. V1 is pretty solid).

The package allows you to build and process your forms in an easy, straightforward API, and then has a renderer class that works with Smarty. Basically, you can spit out your entire form as an array of objects that Smarty can then render for you. You can control the look and feel with CSS. HTML_QuickForm can be configured to have client-side or server-side validation, or both. You just set up your rules for validation, and it just works. Hope that helps.

February 16, 2017 at 10:23 am LOGIC

Arrays do violate normalization; in my experience with internationalization databases I’ve found that having the phrases normalized is the best design.

It allows you to easily make wholesale copies of rows – for instance ‘es’ to ‘es-mx’ or ‘en’ to ‘en-US’, ‘en-GB’, and my favorite: ‘xx-piglatin’. In an array schema, you would either have to re-write every record or add complex parsing or use something more complex than arrays, like XML.

It is relatively easy to use LEFT JOINs to find untranslated phrases for work and also to use COALESCE to return a default so the program remains usable even if the phrase is not translated.

February 16, 2017 at 10:22 am LOGIC

I’ve tested all exploits I know on HTML Purifier and it did very well. It filters not only HTML, but also CSS and URLs.

Once you narrow elements and attributes to innocent ones, the pitfalls are in attribute content – javascript: pseudo-URLs (IE allows tab characters in protocol name – java script: still works) and CSS properties that trigger JS.

Parsing of URLs may be tricky, e.g. these are valid: http://spoof.com:xxx@evil.com or //evil.com. Internationalized domains (IDN) can be written in two ways – Unicode and punycode.

Go with HTML Purifier – it has most of these worked out. If you just want to fix broken HTML, then use HTML Tidy (it’s available as a PHP extension).
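How a browser-grade URL parser sees the URL forms named in the reply above, as an added JavaScript example (not part of the original post and not HTML Purifier's code). `BASE`, the two allowlists and `checkHref` are hypothetical names, and the built-in WHATWG `URL` class of Node or a browser is assumed.

```javascript
// Added example. BASE, the allowlists and checkHref are hypothetical names.
const BASE = "https://site.example/page"; // assumed page the link appears on
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Hosts are compared in ASCII (punycode) form, which is what the parser returns.
const ALLOWED_HOSTS = new Set(["site.example", "xn--bcher-kva.example"]);

function checkHref(raw) {
  let url;
  try {
    // The WHATWG parser strips tabs and newlines and resolves "//host"
    // against BASE, as a browser does before following the link.
    url = new URL(raw, BASE);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Decide on the parsed scheme, never on a substring match of the raw text.
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme " + url.protocol };
  }
  // Anything before "@" is userinfo; the real host comes after it.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo hides host " + url.hostname };
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: "host " + url.hostname };
  }
  // Return the normalized form so that is what gets written to the page.
  return { ok: true, href: url.href };
}

// Constructed sample inputs covering the cases from the reply.
const SAMPLES = [
  "java\tscript:void(0)",           // tab inside the scheme name
  "http://spoof.com:xxx@evil.com",  // host is evil.com, not spoof.com
  "//evil.com",                     // protocol-relative, leaves the site
  "http://b\u00fccher.example/",    // IDN written in Unicode
  "http://xn--bcher-kva.example/",  // the same IDN written in punycode
  "/docs",                          // ordinary same-site link
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), checkHref(s));
}
```

Both spellings of the IDN host normalize to the same punycode hostname, so the allowlist needs only the ASCII form.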

February 16, 2017 at 10:21 am LOGIC

I used HTML Purifier with success and haven’t had any XSS or other unwanted input filter through. I also run the sanitized HTML through the Tidy extension to make sure it validates as well.

February 16, 2017 at 10:20 am LOGIC

Look at SuperTab for making tab-autocompletion in Vim a bit easier to use than the standard bindings. You may also want to look into ctags, if you’re into code indexing. Google “php vim ctags” and you’ll see plenty of articles describing how to set it up.

The official Vim Wiki has a PHP section with some good tips, like integrating the official PHP documentation.
