forum.coppermine-gallery.net

Topic started by: bizlur on January 30, 2006, 11:03:24 pm

Title: html tags
Post by: bizlur on January 30, 2006, 11:03:24 pm
Hello everyone... I hope someone here can help me.

We use CPG on our website to upload and store images of inventory/misc to be used on our website.

We have a PHP script on our page that reads from the coppermine gallery and uses things such as image locations and descriptions to be shown on the page viewable to the public.

I have had a request to get the descriptions to allow for "<" and ">" so that the user can add html tags such as bold or "br" etc. I have removed the characters from the characters that are not allowed and found in the db_input.php file there is a place where it replaces these characters with GT and LT. I removed those. But it still stores the info into the database as LT and GT.

What file is this "switch" in that I will need to turn off/erase to get it to stop doing this?

I have searched through all the pages that seem like that might be the right one... ending up with no luck in the end.

Thanks in advance to anyone that can help me!

Brian

Title: Re: html tags
Post by: Joachim Müller on January 31, 2006, 06:35:36 am
You're strongly advised not to allow html in fields where users can input text. There are very good reasons why all the code exists that removes the < and > and disallows html parsing. Make them use bbcode instead. I won't look into a mod that will make your page completely unsecure.
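
The bbcode approach recommended above, as an added example that is not part of the original thread and is not Coppermine's own code: the description is escaped in full when it is displayed, and only a fixed set of bbcode tags is turned back into HTML. The function name `render_description_bbcode`, the supported tag set and the sample text are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper for the external display script.
// It never passes user-supplied markup through; it escapes everything and
// then emits only the fixed tags listed below.

function render_description_bbcode(string $raw): string
{
    // Escape first. double_encode=false leaves entities that are already
    // stored (such as &lt;) alone instead of turning them into &amp;lt;.
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8', false);

    // Paired formatting tags: [b], [i], [u] map to fixed HTML elements
    // with no attributes, so nothing user-controlled lands inside a tag.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $html = preg_replace(
            '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#is',
            '<' . $tag . '>$1</' . $tag . '>',
            $html
        );
    }

    // Links: only http:// and https:// targets are converted. Any other
    // scheme (javascript:, data:, ...) fails the pattern and stays as
    // inert escaped text. Quotes were escaped above, so the URL cannot
    // break out of the href attribute.
    $html = preg_replace(
        '#\[url=(https?://[^\s\]"<>]+)\](.*?)\[/url\]#is',
        '<a href="$1" rel="nofollow noopener">$2</a>',
        $html
    );

    // Explicit [br] plus ordinary newlines become line breaks.
    $html = str_ireplace('[br]', '<br>', $html);
    return nl2br($html);
}

// Constructed sample description: allowed bbcode mixed with raw HTML and
// a non-http link target, both of which must come out inert.
$sample = "[b]Oak desk[/b][br]Solid top\n"
        . "<script>alert(1)</script> "
        . "[url=javascript:alert(1)]click[/url] "
        . "[url=https://example.com/item?id=1&size=l]details[/url]";

echo render_description_bbcode($sample), "\n";
```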