In 4.6, we had filter_format($name, $value). In 4.7, we have filter_format($value, $weight). The new default weight of -16 means that the "Input format" textarea is never under the textarea it actually refers to (create any old page or story - you'll notice that the "Input format" is in a mass of other collapsibles, not where it's supposed to be).
This gets more exacerbated on forms with multiple textareas: consider a flexinode with multiple areas. Now, ALL text areas are controlled by a single format filter because a) the default form name is "format", which means there can only ever be one of them, b) there is no longer the ability to change the name of the format (as in 4.6). This seems dangerous: if I have a flexinode with four textareas on it (I have, easily), only one of them may have PHP code in it. But, because there can only ever be one form format in 4.7, ALL those textfields are saved as containing PHP code. Not good.
The solution seems to be to add $name back into filter_form, but I have no clue what that really means, form-wise, with the new code, and how to check these $names for proper validation and so forth.
Marking this as "critical" because it gives too much away ("PHP" in every textarea as opposed to just one), is visually disconcerting (if the "Input format" is not right underneath the textarea, it appears to apply to EVERY form element on the page, which obviously isn't the case), and harms one of the more popular modules (flexinode).
Comment | File | Size | Author |
---|---|---|---|
#1 | filter_9.patch | 1.41 KB | chx |
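
The key collision described in the report above, as an added example that is not part of the original issue or of Drupal's code: a simplified PHP model comparing one shared "format" key against one selector key per textarea. All function names, field names and format ids are hypothetical.

```php
<?php
// Simplified model of the form handling described above. Not Drupal code:
// every function, key and format id here is a hypothetical stand-in.

const FILTERED_HTML = 1; // constructed sample format ids
const PHP_CODE = 2;

// Simulate a submit: each textarea's chosen format is posted under the form
// key of its "Input format" selector. Array keys are unique, so a shared key
// keeps only the last value written.
function post_formats(array $intended, callable $selector_key): array {
    $post = [];
    foreach ($intended as $field => $format) {
        $post[$selector_key($field)] = $format;
    }
    return $post;
}

// The format that ends up stored with each textarea after the submit.
function stored_formats(array $intended, callable $selector_key): array {
    $post = post_formats($intended, $selector_key);
    $stored = [];
    foreach (array_keys($intended) as $field) {
        $stored[$field] = $post[$selector_key($field)];
    }
    return $stored;
}

// Review check: textareas whose stored format differs from the one chosen.
function mismatched_fields(array $intended, callable $selector_key): array {
    $stored = stored_formats($intended, $selector_key);
    return array_keys(array_diff_assoc($stored, $intended));
}

// Constructed sample: four textareas, only "snippet" is meant to hold PHP.
$intended = [
    'body' => FILTERED_HTML, 'teaser' => FILTERED_HTML,
    'notes' => FILTERED_HTML, 'snippet' => PHP_CODE,
];

// One selector key for the whole form versus one key per textarea.
$shared_key = function (string $field): string { return 'format'; };
$per_field_key = function (string $field): string { return $field . '_format'; };

echo "shared key, fields stored with the wrong format:\n";
print_r(mismatched_fields($intended, $shared_key));
echo "per-field keys, fields stored with the wrong format:\n";
print_r(mismatched_fields($intended, $per_field_key));
```
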
Comments
Comment #1
chx commented:
There. Needs some docs. I hope someone creates #parents / #tree docs and then this will be trivial.
Comment #2
Morbus Iff
I've tested the patch with today's HEAD and flexinode's HEAD and, with a flexinode modification (which I'll make when this patch gets in), it appears to work properly (the weights still appear to be a bit screwy, but there's another issue for that apparently).
The flexinode modification for field_textarea.inc's flexinode_field_textarea_form() is:
Comment #3
Morbus Iff
Comment #4
Dries commented:
Committed to HEAD. I'll move this issue to the flexinode project.
Comment #5
chx commented:
Then it's not mine anymore.
Comment #6
Morbus Iff
Comment #7
(not verified) commented