JoshyPHP wrote:
Pony99CA wrote: What exactly would be leaked?
You give the ID of a post and you get whatever data from the database.
Your quote change is already giving them the post ID. I'm just saying to do the necessary checks at preview/posting time, not at quoting time. In fact, I believe that you prevent leaks better if you check at posting time.
Again, if I'm missing something, please give a specific, detailed scenario where information may be leaked. (By specific and detailed, I mean a set of permissions on a forum and a set of my user actions where a post that I'm quoting could leak information that I can't already see.)
JoshyPHP wrote:
Pony99CA wrote: Sorry, by "Nested" I meant existing quotes that I was quoting. I'm not referring to creating multiple levels of nested quotes myself -- those would all be "unresolved", of course.
We're talking about the same thing. If you don't accept user-supplied attributes on the outermost quote for fear of mischief, why would you accept them in the innermost quotes?
I wasn't talking about keeping those parameters; I was talking about having a "pre-formatted quote" (where, for example, the timestamp was filled out in a "standard" date format), but after further consideration, that doesn't seem to help much and may make things more complicated. So just use post_id on all quotes and be done with it.
JoshyPHP wrote:
Pony99CA wrote: End user simplicity and amount of code is often a balancing act. A "Hello world" program is usually the simplest you can get, but it doesn't help the user at all (except to see that the computer can execute a program). And, of course, "user benefit" is also subjective.
And it depends on what your definition of "is" is, too. Come on. Debating what words mean is counterproductive. I don't intend to change the way the PR works. I think it's fine as it is. If it wasn't for the date bit, I would have removed its "WIP" flag already.
I wasn't debating the meaning of words; I was just pointing out that they have different meanings to different people. You may think that this is simple, but it appears that Cin and I disagree. What's simple for you may not be simple for users.
That said, getting this feature is probably more important than repeatedly debating it. If you're dead set against listening to more input on the parameters, or unwilling to change things based on that input, just release it.
I presume that the Quote button in the post review will also insert any necessary parameters, so multi-quoting will work the same as quoting a single post.
Steve