I just found Atomic Docs last night, pretty awesome so far, but I ran into something that caused me a big headache right off the bat.
File names (and strings in general) are not sanitized (as far as I can tell). This can cause a problem when certain illegal characters are added as part of a component or category, which then breaks the application.
Example:
component name: `Box (Red)`
results in a file with a name like `_Box(Red).scss`.
Since "(" is an illegal character in a file name, the application is unable to open the file, and it's impossible to edit / rename the component because the file system is unable to access the file name. (I had to resort to manually editing the file name and components.dat.)
There is no hinting that the string used to create the component will be used as the file name, or any sort of filtering / validation to prevent illegal characters.
Further, this might create a security issue, if unsanitized user input can directly interact with the file system.
My suggestion(s):
- Add the appropriate warnings / filtering to all user input. Maybe some front-end validation to prevent bad data before attempting to save?
- Add an entry to components.dat for the user-supplied string as well as a sanitized version that is used for the file name.

I didn't check to see if name collisions were possible, but this would be important as well.
A good example can be found on Stack Exchange of a regex:

```php
// Remove anything which isn't a word, whitespace, number
// or any of the following characters -_~,;[]().
// If you don't need to handle multi-byte characters
// you can use preg_replace rather than mb_ereg_replace
// Thanks @Łukasz Rysiak!
$file = mb_ereg_replace("([^\w\s\d\-_~,;\[\]\(\).])", '', $file);
// Remove any runs of periods (thanks falstro!)
$file = mb_ereg_replace("([.]{2,})", '', $file);
```

https://stackoverflow.com/a/2021729/3264690
Then the entry in components.dat might be like:

```
"component": "Box (Red)", "file_name": "BoxRed"
```
Again, Atomic Docs would need to be sure there isn't already a file name "BoxRed", for "Box Red", "Box (Red)", "Box.Red", etc.
Atomic Docs seems to be fairly straightforward from a PHP perspective. If you are still looking for some PHP help, I might be able to pitch in some. My time is very limited, but I write PHP about 80% of the time.
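One way to implement the two suggestions above (store the user-supplied display name next to a sanitized file name, and refuse a new component whose sanitized name is already taken), as an added example in PHP and not Atomic Docs' own code; the entry shape, the function names and the choice of a hyphen separator are assumptions:

```php
<?php
// Added example (not Atomic Docs code). Assumes components.dat is a list of
// entries shaped like ['component' => 'Box (Red)', 'file_name' => 'Box-Red'].

function sanitizeFileName(string $name): string
{
    // Keep only ASCII letters, digits, underscore and dash. Every run of
    // anything else (spaces, parentheses, dots, slashes, "..", NUL bytes)
    // collapses to one "-", so the result can never escape the target
    // directory or carry characters the file system rejects.
    $safe = preg_replace('/[^A-Za-z0-9_-]+/', '-', $name);
    $safe = trim($safe, '-');
    if ($safe === '') {
        throw new InvalidArgumentException('Component name has no usable characters');
    }
    return $safe;
}

function lookupCollision(array $entries, string $fileName): ?string
{
    // Compare case-insensitively: macOS and Windows file systems would treat
    // "boxred" and "BoxRed" as the same file even though the strings differ.
    foreach ($entries as $entry) {
        if (strcasecmp($entry['file_name'], $fileName) === 0) {
            return $entry['component'];
        }
    }
    return null;
}

function addComponent(array $entries, string $displayName): array
{
    $fileName = sanitizeFileName($displayName);
    $owner = lookupCollision($entries, $fileName);
    if ($owner !== null) {
        throw new RuntimeException(sprintf(
            '"%s" would reuse file name "%s", already taken by "%s"',
            $displayName, $fileName, $owner
        ));
    }
    $entries[] = ['component' => $displayName, 'file_name' => $fileName];
    return $entries;
}

// Constructed sample data in the assumed components.dat shape.
$entries = [['component' => 'Box (Red)', 'file_name' => 'Box-Red']];
$entries = addComponent($entries, 'Button');      // becomes _Button.scss
try {
    addComponent($entries, 'Box.Red');            // sanitizes to Box-Red: rejected
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```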