Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
token_comment.inc does not include tokens for the email address and home page address.
Comment | File | Size | Author |
---|---|---|---|
#13 | token.patch | 2.32 KB | KarenS |
#12 | token.patch | 2.32 KB | KarenS |
#10 | token.patch | 2.07 KB | KarenS |
#3 | token_comment_1.patch | 2.26 KB | NancyDru |
#2 | token_comment_1.patch | 2.3 KB | NancyDru |
Comments
Comment #1
lomz CreditAttribution: lomz commentedThis to be added after #307520: Date formatting function?
Comment #2
NancyDruNo, it is separate. Christian, you will need this though.
Here is a small tweak to it based on "real life meets module™"
Comment #3
NancyDruAnother small tweak
Comment #4
lomz CreditAttribution: lomz commentedCan this be made part of the official releases?
Comment #5
NancyDruThat's up to Eaton and Greggles, unless they want to give me CVS access.
Comment #6
gregglesThe raw vs. sanitized split is to provide two versions of the same data just one that is safe from XSS and one that is not. This code seems to provide different tokens in those places.
$comment->mail ? ('<a href="mailto: '. $comment->mail .'">'. $comment->name .'</a>') : NULL;
This code is not E_ALL compliant (isset($comment->mail)) would help. It's also not safe from XSS. Also, on the comment form it says "The content of this field is kept private and will not be shown publicly." and providing a token for it seems like that privacy could be lost. Either the token description should highlight this point or the token simply should not be provided.
@lomz - please don't set something RTBC unless you have done a review on the code and find it to be flawless.
Comment #7
mooffie CreditAttribution: mooffie commentedI'm not sure this argument is very valid: There's an [author-mail] token that reveals a node author's email.
Comment #8
mooffie CreditAttribution: mooffie commentedThe Token module has (realtively new) support for the node author's mail field:
Shouldn't the comment's mail tokens mirror, in their look and function, that of the node's?
1. It should be "mail", not "email".
2. [comment-email-raw] doesn't work for comments written by registered users, does it? This is critical.
3. There's [comment-email-raw], but no [comment-email]. (I wonder, why's there [user-mail] but no [user-mail-raw]?)
4. For comments of registered users, [comment-email-link] doesn't do what it name suggests it does. Mayeb it should be renamed to [comment-contact-link]; OTOH, there's already [comment-homepage-link].
Comment #9
greggles@moofie #7 - I agree with your logic. Tokens are up to the admin to use responsibly.
@moofie #8 -
1. Drupal uses "e-mail" for user facing text (see http://drupal.org/user/register)
Otherwise I love your review. Thanks!
Comment #10
KarenS CreditAttribution: KarenS commentedSo here's a patch that handles comment emails comparably to the way node emails are handled and it adds comment->homepage. I left out things like the formatted link to the contact page because we don't provide anything like that for nodes so it seems odd to do so for comments. Plus most of the tokens are not formatted html. Plus with the raw data you can add your own formatting if you want.
Anyway, I have an immediate need for a way to contact anonymous comment authors via their email address, so I kept the patch as simple as possible to keep things from getting bogged down.
Comment #11
gregglesIf we provide a raw token, we should also provide a "non-raw" one. In this case I think that the $comment->homepage can just be sent through check_url and get rid of the [comment-homepage-raw] so it is just [comment-homepage]. @karens - could you try that out and see if it works for you?
Otherwise, looks great to me.
Comment #12
KarenS CreditAttribution: KarenS commentedNew patch. I just have homepage, not homepage-raw, and I also changed the name to comment-author-homepage for consistency with the other comment author token names.
Comment #13
KarenS CreditAttribution: KarenS commentedOops, did check_plain() instead of check_url(). New patch.
Comment #14
gregglesAwesome, thanks KarenS!
Committed to 6.x http://drupal.org/cvs?commit=214650
And 5.x: http://drupal.org/cvs?commit=214652