Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Extension: Quote Depth

chuyskywalkerchuyskywalker
edited February 2008 in Vanilla 1.0 Help
Pretty simple, but very useful.

Quote Depth v0.1.0

Allows you to control the level of quote depth which shows up when people post.

Comments

  • StashStash
    I haven't tried it yet, but what does it do when you reach your quote nesting limit?
  • SlashedZeroSlashedZero
    Neat idea, but could you make it work with HTML formatting too?
  • chuyskywalkerchuyskywalker
    When you reach the quote limit, it strips out the quote levels below it.

    @Ninjaguy: Just jack open the copy and get rid of the type detection and exchange [ ] for < > -- should do the trick.
  • SlashedZeroSlashedZero
    I had a look like you said but I didn't manage to make it work with HTML. I rather suck at PHP, could you tell me which lines to change please?
  • NickENickE New
    It'd actually be a little more complex to make it work with html. You'd have to allow for tag attributes (eg. style, width, etc.), and the fact that tags can be modified extensively via styling makes it practically impossible to test for just a few tags. It might be best/easiest to integrate something into the HtmlFormatter which limited the depth of any tag.
  • chuyskywalkerchuyskywalker
    ...or you could strip any styling attributes from the opening blockquote tag to deal with that.
  • NickENickE New
    Yeah, but that'd be too restrictive for a good many forums :-P Even if you did, other attributes could be added, so you'd still have to take those into account. And besides, people could still use other tags, like q, or fieldset, or even div.
  • chuyskywalkerchuyskywalker
    Well, quite honestly, if you're allowing people to post to your forum with html AND attributes, you have more to worry about than a quote pyramid (See your shiny new 'sign in/out' link at top). However, for people who use BBCode, this is a really handy extension.

    An Example of why HTML is bad for leaving comments. (See about #9th comment below)
    (there is a nice little overwriting div here...)

    And, as a side note:
    s/<blockquote([^>]+)>/<blockquote>/UI meant to say you could strip any attribute, not just styling.

    And, using that, you could even extend this to then de-level nested other tags too, such as fieldset, div, or even q (which only works in a handful of browsers anyway, and the people who DO know about it aren't the crowd to be likely to abuse it.)
  • NickENickE New
    I am fully aware that styling can cause trouble in the hands of those who abuse it, but on this board the benifits of users being able to style posts make up for the occasional 'yet-another-proof-of-concept.' I have done a thorough job of making sure no js is allowed (although feel free to try and get past it somehow, bug finders are always welcome), so any 'damage' that would be done would be purely superficial.

    That's sort of the mentality behind the html formatter, it gives you as much freedom as possible while stripping out anything dangerous (and you can disable inline styling within the extension anyway, so it's not like the option's not there).
  • just a novicejust a novice
    trying to get this to work with html. my users do not know enough html to make this a problem. i used "$text = preg_replace('<blockquote([^>]+)>/<blockquote>', '<blockquote><cite>$1</cite></blockquote>', $text);" as well as replaced the [quote] with <blockquote>
  • just a novicejust a novice
    im pretty sure this is an easy fix, i just cant figure it out. anyone?
  • just a novicejust a novice
    bump
This discussion has been closed.