Advanced referrers handler

[dartar]

Much-improved usability (as well as accessible output), and already a beta feature on this site. Relies on a number of rewritten or new core methods (such as AdvancedFormOpen and GenerateUniqueId) that also have big advantages without impacting architecture. --JW

 http://wikkawiki.org/AdvancedReferrersHandler

[migrated from  http://wikkawiki.org/AdminDevelopmentDiscussions]

Related comments migrated from WikkaBugs

Error on ./handlers/page/referrers_sites

(reported by DotMG) Line 46 :

• Code generates a double </a> for links.
• & in URL should be replaced by &amp;

  			print("<td valign=\"top\">" . (($site != "unknown") ? "<a href=\"http://".$this->htmlspecialchars_ent($site)."\">".$this->htmlspecialchars_ent($site)."</a>" : $site) . /*"</a> ".*/($IsAdmin ? "[<a href=\"".$this->href("delete_referrer", "", "spam_site=").$this->htmlspecialchars_ent($site)."&redirect=".$this->GetMethod()."\">Blacklist</a>]" : "")."</td>");
  

Note: You cannot see this error by validating directly a page because W3C is not registered and it will not have the same output as you, in other words, code on line 46 won't be executed. But you can save the page on your hard disk and validate it. --DotMG

[DarTar]

It would be great to add regex support in the filter form to search for specific patterns.

[DarTar]

(In [1059]) Adding makeList() method to core (Credits: JavaWoman): required by the advanced referrers handler, refs #1

[DarTar]

(In [1071]) First draft of advanced referrers handler (Credits: JavaWoman)

• removed makeList() method (does not allow styling of active elements);
• added general purpose style for tabbed menus (ul.menu);

refs #1

[DarTar]

(In [1072]) Fixing unescaped &, refs #1

[DarTar]

(In [1073]) Updating phpDoc header, refs #1

[DarTar]

(In [1074]) Removing obsolete handler, refs #1

[DotMG]

When I specify Hits at least 1000 hits, and my database have a maximum of 500 hits from one domain, I get error message: No referrers found linking to HomePage. Maybe we should add matching your criteria.

[DarTar]

(In [1075]) Removing obsolete handler, refs #1

[DotMG]

L249#: $q = mysql_real_escape_string($tq);
L475#: $form .= '<input type ="text" name="q" id="q" title="'.FORM_URL_STRING_TITLE.'" size="10" maxlength="50" value="'.$q.'" />';

The value of the value parameter of the <input> tag should not be $q in this case. mysql_real_escape_string is used to prevent SQL injection. But for valid xhtml, you have to use htmlspecialchars_ent($tq). We have an XHTML validation issue here if user type character like & in the URL input box.

I also think there may be issue with the $q parameter if register_globals was On. Let's change it to $qs.

[DotMG]

(In [1076]) refs #1 Comment#13

• Replaced $q by $qs where $_POST['q'] is used for SQL query (sanitized for SQL)
• replaced $q by $qx where $_POST['q'] is echoed in XHTML output (sanitized for XHTML)
• added DocBlock.

[DarTar]

(In [1080]) default styling for select elements and slight change to referrer handler styling, refs #1 #380 and #388

[DarTar]

(In [1083]) alternate rows and styling, refs #1

[DarTar]

(In [1093]) Better wording of filtered result messages and links, refs #1

[DarTar]

(In [1177]) Porting advanced referrer handlers and related CSS from trunk (as of [1093]) to docs branch, refs #1 and #708

[DarTar]

(In [1217]) Notice in referrers, refs #1 and #496

[DarTar]

Retargeting to 1.3. Code for this ticket may have already been committed to trunk, from which 1.3 will be branched. Consider backporting urgent issues to 1.2.X