Welcome to Geeklog, Anonymous Saturday, November 23 2024 @ 10:52 pm EST
Geeklog Forums
Get rid of the allowed html
Status: offline
orfilms
Forum User
Regular Poster
Registered: 08/02/05
Posts: 70
I hate, HATE the fact that geeklog checks for allowed html. I just installed fckeditor and I can't seem to add a lot of the classes. I would much rather be able to have story admins be able to post any and all html they can. Is there any way to hack the code to allow story admins complete access to post any code they want?
11
10
Quote
Status: offline
samstone
Forum User
Full Member
Registered: 09/29/02
Posts: 820
I sympathise you! It is caused by KSES.
Make the following changes in public_html/admin/story.php under "Clean up the text" around line 1010
// Sam changed in the following line the word 'html' to 'plaintext'
// in conjuction with dissabliing the html filtering in the following lines
if ($postmode == 'plaintext') {
/* Sam commented out the following 3 lines to dissable html filtering
$introtext = COM_checkHTML (COM_checkWords ($introtext));
$bodytext = COM_checkHTML (COM_checkWords ($bodytext));
} else {
*/
$introtext = htmlspecialchars (COM_checkWords ($introtext));
$bodytext = htmlspecialchars (COM_checkWords ($bodytext));
}
$title = addslashes(htmlspecialchars(strip_tags(COM_checkWords($title))));
$comments = DB_count($_TABLES['comments'],'sid',$sid);
Hope this helps!
Sam
Make the following changes in public_html/admin/story.php under "Clean up the text" around line 1010
Text Formatted Code
// Sam changed in the following line the word 'html' to 'plaintext'
// in conjuction with dissabliing the html filtering in the following lines
if ($postmode == 'plaintext') {
/* Sam commented out the following 3 lines to dissable html filtering
$introtext = COM_checkHTML (COM_checkWords ($introtext));
$bodytext = COM_checkHTML (COM_checkWords ($bodytext));
} else {
*/
$introtext = htmlspecialchars (COM_checkWords ($introtext));
$bodytext = htmlspecialchars (COM_checkWords ($bodytext));
}
$title = addslashes(htmlspecialchars(strip_tags(COM_checkWords($title))));
$comments = DB_count($_TABLES['comments'],'sid',$sid);
Hope this helps!
Sam
9
14
Quote
Status: offline
samstone
Forum User
Full Member
Registered: 09/29/02
Posts: 820
Also, it would be nice if this feature can be turned on or off for admin in config.php.
KSES cause (edited: previously wrongly said 'prevent') Chinese characters to corrupt. I suspect that is why there is no more Chinese GL users other than me. People might try it and find that they can't post a simple story and move on, since there are many other choices. I don't know how this would affects other languages.
I have been thinking about setting up a Chinese GL site and each time a new version comes out, I would disable the KSES and upload it there.
Sam
KSES cause (edited: previously wrongly said 'prevent') Chinese characters to corrupt. I suspect that is why there is no more Chinese GL users other than me. People might try it and find that they can't post a simple story and move on, since there are many other choices. I don't know how this would affects other languages.
I have been thinking about setting up a Chinese GL site and each time a new version comes out, I would disable the KSES and upload it there.
Sam
8
8
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Actually, you should all be happy that we have kses. If you switch it off, I don't want to hear any complaints about your site being hacked or your password being stolen, your site being defaced, etc.
1.3.11sr2 comes with kses 0.2.2 which should address these problems. If not, please submit bug reports to the kses authors.
bye, Dirk
Quote by samstone: KSES prevents Chinese characters to corrupt.
1.3.11sr2 comes with kses 0.2.2 which should address these problems. If not, please submit bug reports to the kses authors.
bye, Dirk
8
8
Quote
Status: offline
orfilms
Forum User
Regular Poster
Registered: 08/02/05
Posts: 70
I understand the reasoning for the kses, and understand why geeklog comes with it enabled. I just wish that it came with the option of turning it off for content editors. All thats needed is an exaplaintion of why the code is there and why it is enabled and that you should disable at your own risk. I think you would agree, for example, Windows now comes with it's firewall and auto update features enabled, for good (and very much the same) reasons. But what if they decided, lets put those features in there enabled and not give the users the ability to turn them off if they don't want to. We want them safe, so we won't give them that option.
Dirk, you're a very smart guy, I've learned invaluable amounts from your posts, and can attest to not even having a twenith of the php and programing knowlege that you have. So I don't understand why you wouldn't agree on an issue of giving the user the power (even if they can use that power to screw their own system)...
Dirk, you're a very smart guy, I've learned invaluable amounts from your posts, and can attest to not even having a twenith of the php and programing knowlege that you have. So I don't understand why you wouldn't agree on an issue of giving the user the power (even if they can use that power to screw their own system)...
10
10
Quote
All times are EST. The time is now 10:52 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content