Stripping html code

Involved Joined: Feb 03, 2006 Posts: 269

Hi ive just put up nuke 8 to run dadanukes simple cart (only works on 7.8+ or Evolution)

My question is when i add html to blocks and news some of the html code is being removed... i know there is some thing to do with allowing certain html tags..

I think the html tages are in mainfile.php ? can some one just point me in the right direction ... plz

Thanks

Posted: Thu Nov 09, 2006 9:46 am

Unfortunately, al versions of Nuke after 7.6 continue to improperly define and manipulate HTML allowable fields. Its not just the improper rules for filtering HTML, but how the fields themselves are designed and then how data is manipulated after that.

Please be aware that it is posted somewhere that dada simple cart is not compatible with Nuke 8 (can't remember where I read that); however, as i understood it, there was some major issues.

The HTML filtering and manipulaton functions are in fact in the Mainfile as well as in NukeSentinel if you are running both (which I've got to assume you are).

In the mainfile.php, you are looking for everything between:

Code:

/* text filte

and

Code:

/* formatting stories

as well as:

Code:

// Die message for not allowed HTML tags


$htmltags = "<center><img src=\"images/logo.gif\"><br><br><b>";


$htmltags .= "The html tags you attempted to use are not allowed</b><br><br>";


$htmltags .= "[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]</center>";





if (!defined('ADMIN_FILE') && (!defined('PHPBB') && !file_exists('includes/nukesentinel.php'))) {


  foreach ($_GET as $sec_key => $secvalue) {


    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||


   (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||


   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||


   (eregi("\"", $secvalue)) ||


   (eregi("forum_admin", $sec_key)) ||


   (eregi("inside_mod", $sec_key))) {


        die ($htmltags);


     }


  }





  foreach ($_POST as $secvalue) {


    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {


      die ($htmltags);


    }


  }


}

On top of that, you'll have to contend with the fact that none of the HMTL fields are properly defined, (in every single file) so all I can say is, "good luck".

Wish I could be of more help, but alas, I don't control development from php-nuke.disorg

Posted: Thu Nov 09, 2006 9:55 am

Thanks for the fast responce 64bitguy I normally use ravens disto as i know its currently the best.

As i said i had to go with something above 7.7 for the sheer fact we needed simple cart and it was only tested on 7.7 an above and an evo version.

Simple cart runs fine on dadanukes ver 8.0.0.3.3 i have the latest sentinal installed... but im not happy about it stripping some html !!

It doesnt strip it all, just certain code..

You have mentioned that i look in between the areas above, what must i do to try and allow more html tags?

Thx

Posted: Thu Nov 09, 2006 10:15 am

Yeah, I completely recoded 7.8 to make my new baseline CMS because I wanted to see what it would really take to properly integrate editors like TinyMCE and FCKeditor (both of which I have integrated), so I know pretty well about the differences.

What's the tag? Maybe we can write an exception or see just where it is getting filtered and fix it for you.

Posted: Thu Nov 09, 2006 10:35 am

Cheers for the reply

All im adding to the blocks is a simple table with a few images, i add it and view it on the home page and its stripped the images added some cell spaces lol

When i go back to the blocks admin to edit it there is no code to edit ! its gone ! lol

Gutted !

Posted: Thu Nov 09, 2006 10:40 am

Ive just thought of a work around !! lol

I could try installing simple cart onto ravens disrto ! even though its not tested !

Posted: Thu Nov 09, 2006 2:34 pm

well i installed ravens latest distro and then installed Simple Cart and it wouldnt loadup Simple Cart (very easy install btw great work raven)

Would anyone like to take a look! and maybe help me get simple cart up and running onto ravens nuke...

registered · Posted: Thu Nov 09, 2006 3:19 pm

Did you try disabling the WYSIWYG editor and adding the HTML you want to the AllowableHTML array in config.php?

Posted: Thu Nov 09, 2006 3:28 pm

going to try that now ^^ thx Gremmie

Posted: Thu Nov 09, 2006 3:36 pm

Nah that didnt work, nice suggestion though !

I added the html to the block submitted it, looked fine in Mozzila (still added the cell padding for some reason) looked nothing like it was supposed to in IE lol so i went to edit the block and all that was left of the original code was

Code:

<table width="100%" border="

so its still stripping the code with the $nuke_editor: Turn On/Off the WYSIWYG text editor set to off

Thx though i was on the edge of my seat !! lol

Posted: Thu Nov 09, 2006 5:11 pm

Did you add tags => 2 in the AllowableHTML array?

Posted: Thu Nov 09, 2006 5:29 pm

ahhhh lol didint see them down below and yeah its got something to do with them

On the nuke 8 version i replaced there $AllowableHTML with ravens version and it left me with this code

Code:

 <div align="center">THEMES CURRENTLY IN DEVELOPMENT <br /><br /></div>


  


  


    <div align="center">Aviator Battlefield 2142</div>


    <div align="center">Aviator Ghost Recon Advanced Warfighter </div>


    <div align="center">Aviator Enemy Territory</div>


  


  


    <div align="center"></div>


    <div align="center"></div>


    <div align="center"></div>


  


  


    <div align="center"></div>


    <div align="center"></div>


    <div align="center"></div>


  


  


    <div align="center">Now Completed</div>


    <div align="center">Now Completed </div>


    <div align="center">75% Complete </div>

Im going to have a play and try and find the best settings... if some one has a working amazing version of the $AllowableHTML arrays then plz submit them ! lol

Thx again ill keep you updated !

Posted: Fri Nov 10, 2006 4:18 am

lol I just got a sentinal screen for posting some bad code !

so ill keep this simple !

here are the arrays im currently using in config.php

Code:

$AllowableHTML = array("b"=>2,"i"=>1,"u"=>1,"div"=>2,"a"=>2,"em"=>1,"table"=>1,"br"=>1,"strong"=>1,"img"=>2,"blockquote"=>1,"tt"=>1,"li"=>1,"ol"=>1,"td"=>2,"tr"=>2,"ul"=>1);

I cant get past the code border in the html code ? ive set the array b to 1 and ive added border tried that as 1+2 and still cant get it to include it in the html code ?

Posted: Fri Nov 10, 2006 10:05 am

1 means allow the tag only. 2 means allow the tag with attributes. So you probably want 'table'=>2. b is for the bold tag, which typically doesn't have attributes, so leave that at 1.

Posted: Fri Nov 10, 2006 10:51 am

ok cool ill keep trying, thanks for the help so far Gremmie

Posted: Fri Nov 10, 2006 11:58 am

doing me head in now .. might scap this idea all together !! lol

when i set the table array to 2 it does more damage and only outputs

Code:

<table width="100%" border="

if i leave it set to 1 then i get

Code:

<table>


  <tr>


    <td colspan="3"><div align="center">THEMES CURRENTLY IN DEVELOPMENT <br /><br /></div></td>


  </tr>


  <tr>


    <td width="33%"><div align="center">Aviator Battlefield 2142</div></td>


    <td width="33%"><div align="center">Aviator Ghost Recon Advanced Warfighter </div></td>


    <td width="33%"><div align="center">Aviator Enemy Territory</div></td>


  </tr>


  <tr>


    <td><div align="center"><img src="icons/theme_icon.gif" border="

Again it stops at the poxy border=" array !!

Im leaving it for the weekend, starting to get annoyed ... i so much want to use ravens but the shop wont work with ravens !

Im in a no win lose situation at the moment !

Posted: Fri Nov 10, 2006 1:28 pm

I'm confused. What are you doing?

First, I would mention that you can't simply exchange Nuke 7.6 rules for use in Nuke 7.7+. The field definitions rely on having the new rules as the editor rules handle allowable html for those fields. This is not functional in 7.6 and earlier rules that handle textarea fields data through different mechanisms. In other words, it's not just a mainfile issue, but also how the module is coded to support those mainfile issues.

If you are writing a block, why don't you just enclose everything in a block "file", save that to your blocks folder and then call it through the blocks menu instead of using Nuke's flawed "Content" module for presenting custom block data?

The current state of individual coding for those functions in not right, so I wouldn't try to do any "custom" blocks where you're going to run into Nuke's fractured internal filtering rules.

\blocks\block-Static_Content.php - 100% W3C Compliant Static Content Block

Code:

<?php





/************************************************************************/


/* W3C Compliant Linkable Text, Images and General Content Block        */


/* Developed by: Steph Benoit - 64bitguy - http://1cms.org              */


/************************************************************************/


/* This program is free software. You can redistribute it and/or modify */


/* it under the terms of the GNU General Public License as published by */


/* the Free Software Foundation; either version 2 of the License.       */


/************************************************************************/


/* Notes:


   Just continue adding content as you see fit!  


   After the first $content = line, each new line should start with:


   


   $content .= "


    


   This demonstrates a W3C Compliant manner to place linkable images and text in a general content block.  





   If using a local image, the path for the image would be: 


   src=\"themes/YOUR_THEME/images/image_name.gif\" for example.  


   Remember, when using block files, the path is always relative to the public root, not the blocks folder"; 





   This block demonstrates the use of the required tags, setting image dimensions, etc... 


*/


if ( !defined('BLOCK_FILE') ) {


    header("Location: ../index.php");


    die();


}





$content = "<center><a href=\"http://1cms.org\" target=\"_blank\"><img width=\"79\" height=\"25\" border=\"0\" title=\"See 100% W3C HTML 4.01 Transitional Compliance Demonstrated!\" alt=\"See 100% W3C HTML 4.01 Transitional Compliance Demonstrated!\" src=\"http://1cms.org/themes/a4/images/logo_html.gif\" /></a>";


$content .= "<br /><br /><a href=\"http://www.whatever.com\" target=\"_blank\" title=\"See Information about Test\">Test</a><br />";


$content .= "</center>";





?>

Finally, you could edit the rules of the content module so that it doesn't filter html. That's the last method.

Problem solved?

Posted: Sat Nov 11, 2006 3:25 am

the problem does not just lie in the contents module, it lies in everything in Nuke v8 adding News, Blocks, Content and even submitting News

Im lucky in what you suggest as I could and can write a block in PHP but what about the new users to nuke that automatically think that the latest version of nuke is the best ! (They would be in for a shock)

They install Nuke v8 and then come across the issue of not being able to add the basic of html content to ANY where on there newly installed site (this is by no means a dig at u btw)

What im getting at is the basic and quite frank stupid and inadequate reasoning of trying to input BASIC html into your new site…

Yes there is a way around this, and that’s to install an older version of nuke, but is this the way things in the future hold for all nuke users? Trying to find a working version of nuke for there modules? In my opinion this is really not looking good.

Im sure there is away around this issue but right now with my limited knowledge of coding im left with a module (simple cart) that works on only versions above 7.7 and not being able to add BASIC html anywhere to my site as the code is being stripped, im sure it has been added for security reasons, but its so dam annoying!

Posted: Sat Nov 11, 2006 8:13 am

I appriciate your time and help

So i installed nuke 7.7 patched to 3.3 from nsn

Its 99% okay when adding html and it will work with the Simple Cart module

1 quick question when im adding the above html code its replacing just the 0 in border="0" and cellspacing"0" cellpadding="0"
Its replacing them with a square ? yeah lol a square

If you want an image ill post one but this is now the last thing stopping me from going live with this project.

Posted: Sat Nov 11, 2006 8:55 am

I hate to tell you this now, but I wouldn't install ANY version of Nuke after 7.6....

All versions after 7.6 have these problems.... Well, except mine, but I spent oh, I dunno, somewhere around 300 hours rewriting it.

Sad

Posted: Sat Nov 11, 2006 9:04 am

Yeah im hearing u 64bitguy ive never used any version over 7.6 before, but i really need this Simple Cart module as its a shop that allows ANY paypal link to be used...

Would some one like/love to convert the current Simple Cart module so it works with raven distro ?

I would pay them for there time, or make a donation here for all the valuable support you have all offered me regarding this issue.

Thx

Ped

Posted: Sat Nov 11, 2006 9:42 am

I believe that it in fact aready works with RavenNuke, but I could be wrong.

Do you have the code now? If so, I'd give it a shot.

Smile

Posted: Sat Nov 11, 2006 9:46 am

Yeah installed it yesterday it didnt work, the main module page only loaded the title header and no admin area at all i navigated to the admin page and it was just a white screen tha admin image didnt show in the admin control panel either

Posted: Wed Dec 20, 2006 6:21 pm

for any one that wants simple cart for ravens distro i got it converted just email me

Thanks for all the help on this thread, but it was far easier to get rid of v8 v7.7 and use RN !