nils

but... I got my physical helper do it instead.. I'm just doing a little bit to feel the pain

harvs1789uk

@Firesphere - Got any jobs going at your place, I dream of having a PM who will go back to the client and say “tough luck” rather than bending over backwards to please them even when they are idiots, much to the distain of the dev team lol

nils

@Firesphere one thing that would probably work would be to add a helper field saving the filename, re-export the data, upload all assets and re-sync on prod and then loop through all records and update the FileID on filename match

Firesphere

I work with paying clients a lot 🙂 But it's our rules 😉 We say when it's okay etc.

Show 1 attachment(s)
Joe Harvey

<@U0T28FLAH> - I get the impression you dont work one to one with paying clients that often? :stuck_out_tongue_winking_eye:

Hide attachment content
nils

but only if you very clearly set it up from the start.. I didn't really (this time)

harvs1789uk

Changing topic - Silverstripe inbuilt search and XSS, is there no inbuilt protection? I have a XSS vulnerability where you can search for say “<script>alert(“Hello World”);</script>” and it will be executed on the search results page.

I am looking at this module - http://addons.silverstripe.org/add-ons/zirak/htmlpurifier - but as it only references the need to use it for ‘custom search’ I am wondering if I am missing something with the inbuilt search?

nils

yeah, I agree that you need to be pretty hardline in some cases

harvs1789uk

Even when they get it wrong, they are right asd they are paying your wages lol

nils

if I was the client and had myself come back and tell me to do all my content entry all over again I would totally freak out at myself