Welcome to Geeklog Friday, August 23 2019 @ 08:44 pm EDT

Geeklog Forums

Get rid of the allowed html


Status: offline

orfilms

Forum User
Regular Poster
Registered: 02/08/05
Posts: 70
I hate, HATE the fact that geeklog checks for allowed html. I just installed fckeditor and I can't seem to add a lot of the classes. I would much rather be able to have story admins be able to post any and all html they can. Is there any way to hack the code to allow story admins complete access to post any code they want?

Status: offline

samstone

Forum User
Full Member
Registered: 29/09/02
Posts: 820
I sympathise you! It is caused by KSES.

Make the following changes in public_html/admin/story.php under "Clean up the text" around line 1010

PHP Formatted Code

// Sam changed in the following line the word 'html' to 'plaintext'
// in conjuction with dissabliing the html filtering in the following lines
        if ($postmode == 'plaintext') {
/* Sam commented out the following 3 lines to dissable html filtering
                    $introtext = COM_checkHTML (COM_checkWords ($introtext));
            $bodytext = COM_checkHTML (COM_checkWords ($bodytext));
        } else {
*/

            $introtext = htmlspecialchars (COM_checkWords ($introtext));
            $bodytext = htmlspecialchars (COM_checkWords ($bodytext));
        }

        $title = addslashes(htmlspecialchars(strip_tags(COM_checkWords($title))));

        $comments = DB_count($_TABLES['comments'],'sid',$sid);

 


Hope this helps!

Sam

Status: offline

samstone

Forum User
Full Member
Registered: 29/09/02
Posts: 820
Also, it would be nice if this feature can be turned on or off for admin in config.php.

KSES cause (edited: previously wrongly said 'prevent') Chinese characters to corrupt. I suspect that is why there is no more Chinese GL users other than me. People might try it and find that they can't post a simple story and move on, since there are many other choices. I don't know how this would affects other languages.

I have been thinking about setting up a Chinese GL site and each time a new version comes out, I would disable the KSES and upload it there.

Sam



Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Actually, you should all be happy that we have kses. If you switch it off, I don't want to hear any complaints about your site being hacked or your password being stolen, your site being defaced, etc.


Quote by samstone: KSES prevents Chinese characters to corrupt.

1.3.11sr2 comes with kses 0.2.2 which should address these problems. If not, please submit bug reports to the kses authors.

bye, Dirk

Status: offline

orfilms

Forum User
Regular Poster
Registered: 02/08/05
Posts: 70
I understand the reasoning for the kses, and understand why geeklog comes with it enabled. I just wish that it came with the option of turning it off for content editors. All thats needed is an exaplaintion of why the code is there and why it is enabled and that you should disable at your own risk. I think you would agree, for example, Windows now comes with it's firewall and auto update features enabled, for good (and very much the same) reasons. But what if they decided, lets put those features in there enabled and not give the users the ability to turn them off if they don't want to. We want them safe, so we won't give them that option.

Dirk, you're a very smart guy, I've learned invaluable amounts from your posts, and can attest to not even having a twenith of the php and programing knowlege that you have. So I don't understand why you wouldn't agree on an issue of giving the user the power (even if they can use that power to screw their own system)...

All times are EDT. The time is now 08:44 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content