items table so there's no need for a subquery. The subquery could
generate way too many ids since it didn't pay attention to
permissions. This isn't a security problem since we were restricting
the item ids according to permissions in the outer query, but it's
wasteful.

mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.

approach using html::specialchars and purify uses HTMLPurifier to intelligently
cleanse the output fields. Use purifier for text and title fields where it is
likely that a user would enter HTML to format their data.

the URL to dictate arbitrary static method calls.
* Each xxx_rss helper has a single feed() call which takes an id as the argument.
* xxx_rss::available_feedS() only returns feeds when they're applicable (i.e.,
if you're viewing a tag, it won't show you an item feed).
* Feed URLs are now in the module/feed_id form so that we can bind a
feed id to a given module.
* Tightened up the Rss_Controller by using url::merge and some other tricks.
* Made the slideshow module express its own feed.

replace with a type field with one of two values (head and block). We need to
do this to determine what fields go in the rss block so we can ignore the
definitions that are related to the page head when creating the rss block that
goes into the sidebar.