[OpenFontLibrary] How to fix the site
Dave Crossland
dave at lab6.com
Thu Jun 24 23:46:34 PDT 2010
Hi!
Okay, does anyone know PHP and would like to help fix the site's
fragile nature...? :-)
We have a SVN repository, at
https://svn.openfontlibrary.org/public/openfontlibrary/
and this file has some documentation (although it becomes less well
organised as it goes on)
https://svn.openfontlibrary.org/public/openfontlibrary/HOW_THIS_SITE_WORKS.txt
The repository is quite large though, 502mb atm, because it has all
the fonts from the old site that are to be repackaged and uploaded.
Sorry about that.
The important file with our nasty buggy code is
https://svn.openfontlibrary.org/public/openfontlibrary/openfontlibrary_files/lib/oflbTypeface.php
which doesn't escape font metadata (name, filename, etc) for shell/sql
characters properly. This means fonts uploaded with a single quote '
in their copyright string or name (like " Wenghai's Handwriting " or
"Anka/Coder") break the /files page, because no data is sent by AJAX
to the page and it gives an index(0) error. The escaping probably
needs to be done here:
https://svn.openfontlibrary.org/public/openfontlibrary/openfontlibrary_files/lib/oflbFontaineReport.inc
I will spend some time this summer learning more PHP, I really do not
know what I am doing at the moment :-)
The /files page (which gave the error you reported) is generated by
https://svn.openfontlibrary.org/public/openfontlibrary/openfontlibrary_files/skins/oflb-skin/oflb_upload_list_narrow.tpl
which calls
https://svn.openfontlibrary.org/public/openfontlibrary/openfontlibrary_files/skins/oflb_upload_list_content.tpl
Also, the "font family" pages are generated by
https://svn.openfontlibrary.org/public/openfontlibrary/openfontlibrary_files/skins/oflb-skin/oflb_upload_page_shared.tpl
The CMS is "ccHost 5" - see http://wiki.creativecommons.org/Cchost/Documentation
So, if anyone can take a look over those files and spot anything that
is really dumb and can be refactored, please let me know :-)
For direct SVN commit access, mail me a HTPASSWD hash (as explained in
the documentation) and let me know your site login and I'll set it as
an admin. Then you can upload a font with a / or ' in the name, break
the site, and delete it to fix the site. To do this, go to its family
page, and replace the username with "delete" - eg,
openfontlibrary.org/files/crossland/150
openfontlibrary.org/files/delete/150
:-)
Cheers
Dave
More information about the OpenFontLibrary
mailing list