>>  Site Map >>  Forums >>  General 7x

Forum module - topics in forum:


General 7x - Discussions reagarding any other PHP-Nuke Problems. 7x


im having similar problem on a grander scale Sad

I have alot of html and javascript tags im needing to use, and have been searching for either $AllowableHTML string that allows all, or where to disable html and java filtering.

i found this on phpnuke's main site:

Quote: :
check_html uses the $AllowableHTML array that is defined in config.php. The idea is that only the tags that are included in the $AllowableHTML array should be allowed. However, even if you explicitly allow the img tag in $AllowableHTML, it will be stripped away by check_html (and by filter_text, which also calls it). The line that does this is

Code: :
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", ", $str);


You can comment out that line - though it is certainly a security issue (allowing people to post harmful code in img tags).

You can also comment out the line that eliminates all anchor attributes exept href in the <a> tag:

Code: :
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>", '<a href="\\1">', $str); # "


These changes will affect the checks done at all places shown in both Table 16-1 and Table 16-2, so again, be careful with security issues. You have to trust your users to give them this comfort.


The only strings that are almost identical i can find is in the mainfile.php

Code: :
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);

$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);

$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);


I've commented them out, but has taking no effect with what im wanting.

I set the permissions on mainfile.php to allow me to edit it, then set permissions back.

I am aware of the security risks of my actions, but until i have a 2nd option that atleast allows the owner to use html and java in posts, news, etc, i face running the gauntlet with it! (though i do have a trusting community luckily)

(ps. would be nice if the html and java filters where optional in user groups)



maybe someone can point in right direction for help on that above?

rather urgent!



What's your nuke version? and where exactly are you trying to use html and js?

Here's a couple of topics at nukecops you could try.

http://www.nukecops.com/postlite41588-filters.html

http://www.nukecops.com/postlite54381-filters.html



its version 7.9

Ive tried the advice in 1 of them links but it still filters.

The other thread causes a fatal error.

Initially wanted in submit news and modules - probably go more globaly later.

Would actually be nice to lose the entire filter scripts - its too viscous when it even filters the owner!!



Attention! You are currently viewing sitemap page!
We strongly suggest to look at original content

Search from web

Select page

Valid HTML 4.01 Valid CSS