Welcome to Geeklog Tuesday, August 04 2015 @ 07:52 PM EDT
// Hack to filter out user-generated CSS attributes
$str = preg_replace( '/style="[^"]+"/', '', $str );
Doh!... that actually only fixes it if the user writes nice clean HTML with no spaces before/after the = sign.
I'm thinking maybe phpfilter should be integrated instead. It still lets images from the main site get loaded (allowing you to disable a page with a 2000x2000 pixel repeating pattern of the site logo), but I've contacted the author about it.
Anyone have other suggestions?
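Added example, not part of the original post or of Geeklog's code: the one-line regex from the comment next to a parser-based filter that removes `style` attributes after the markup has been parsed, so spacing around `=` no longer matters. It goes slightly beyond the post by also checking single-quoted and upper-case spellings. `strip_style_dom` and the sample strings are hypothetical and constructed for illustration.

```php
<?php
// The one-line filter from the comment, unchanged.
function strip_style_regex(string $str): string
{
    return preg_replace('/style="[^"]+"/', '', $str);
}

// Hypothetical helper (not Geeklog code): parse the fragment, then drop every
// style attribute from the resulting tree instead of pattern-matching the text.
function strip_style_dom(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate sloppy user markup
    // The XML prolog makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $xpath = new DOMXPath($doc);
    // libxml's HTML parser lowercases attribute names, so STYLE= matches too.
    // Copy the node list first because the loop mutates the tree.
    foreach (iterator_to_array($xpath->query('//@style')) as $attr) {
        $attr->ownerElement->removeAttributeNode($attr);
    }

    // loadHTML wraps fragments in html/body; serialize only the body's children.
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: the same attribute written four ways.
$samples = [
    '<p style="color:red">a</p>',      // the form the regex expects
    '<p style = "color:red">b</p>',    // spaces around "=", as noted in the post
    "<p style='color:red'>c</p>",      // single quotes
    '<p STYLE="color:red">d</p>',      // upper-case attribute name
];

foreach ($samples as $s) {
    printf("in:    %s\nregex: %s\ndom:   %s\n\n",
        $s, strip_style_regex($s), strip_style_dom($s));
}
```

This covers `style` attributes only, which is the scope of the filter in the post; it requires PHP's `dom` extension.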