dont know category to post this in - allowable html issue

New Member Joined: Jun 21, 2008 Posts: 17

I am going to instal RavenNUke now on top of a clean site and fresh database.

I added what I prefer as allowable HTML in the appropriate config.php line, but what about any check_html or filter_text issues?

Is that an issue with RavenNuke and if so, how do I change things to allow my allowable HTML?

Thanks in advance.

Posted: Thu Jun 26, 2008 4:34 am

The check_html () function is located in mainfile.php
In RavenNuke the filtering that is done by that function is not applied to Admin input so unless you want to open up the filter to everyone there is no need to touch. If you were thinking of opening that up (bad idea) think carefully!! You might be able to give more flexibility by modifying the WYSIWYG Editor (details in the editor forum here) whilst still maintaining a level of filtering for security.

The filter_text() function is located in mainfile but I see no need to modify it's behaviour and doing so would be ill advised.

Posted: Thu Jun 26, 2008 9:59 am

Got it!

I simply modified the $AllowableHTML in config and am leaving check_html() as well as filter_text alone().

Can I make the WYSIWYG $AllowableHTML identical to that in config?

Thanks in advance.

Posted: Thu Jun 26, 2008 11:03 am

You shouldn't need to touch it.
What exactly are you trying to 'allow'?

Posted: Thu Jun 26, 2008 1:23 pm

As an admin, I want to edit only in HTML, no WYSIWYG.

I'm old fashioned that way.

but here is the $AllowableHTML I put in both config.php as well as rnconfig:

$AllowableHTML = array('a' => array('href' => 1,'target' => 1,'title' => array('minlen' => 4,'maxlen' => 120)),'b' => array(),'blockquote' => array(),'br' => array(),'center' => array(),'div' => array('align' => 1),'em' => array(),'embed' => array('src' => 1,'width' => 1,'height' => 1,'wmode' => 1,'type' => 1),'font' => array('face' => 1,'style' => 1,'color' => 1,'size' => array('minval' => 1,'maxval' => 7)),'h1' => array(),'h2' => array(),'h3' => array(),'h4' => array(),'h5' => array(),'h6' => array(),'hr' => array(),'i' => array(),'img' => array('alt' => 1,'src' => 1,'hspace' => 1,'vspace' => 1,'width' => 1,'height' => 1,'border' => 1,'align' => 1),'li' => array(),'object' => array('width' => 1,'height' => 1),'ol' => array(),'p' => array('align' => 1),'param' => array('name' => 1,'value' => 1),'pre' => array('align' => 1),'span' =>array('class' => 1, 'style' => array('font-family' => 1, 'color' => 1)),'strong' => array(),'strike' => array(),'sub' => array(),'sup' => array(),'table' => array('align' => 1,'border' => 1,'cell' => 1,'width' => 1,'cellspacing' => 1,'cellpadding' => 1),'td' => array('align' => 1,'width' => 1,'valign' => 1,'height' => 1,'rowspan' => 1,'colspan' => 1,'bgcolor' => 1),'tr' => array('align' => 1),'tt'=> array(),'u' => array(),'ul' => array(),);

Posted: Thu Jun 26, 2008 1:49 pm

See my first post In RavenNuke the filtering that is done by that function is not applied to Admin input
By changing the allowed html array you have left it open to abuse by anyone who has posting privileges (any registered user) - are you sure you want to do that?

Just for your information, the WYSIWYG editor has a button in the toolbar called 'source' which will let you enter pure html 'the old fashioned way' but it will also check and ensure it is XHTML compliant when saved.

Posted: Thu Jun 26, 2008 2:33 pm

I'll use the source option then and restore the allowable HTML to its original.

Posted: Thu Jun 26, 2008 2:51 pm

In all honesty that, that would be a safer approach Wink