
Author Topic: html tags  (Read 3430 times)


bizlur

  • Coppermine newbie
  • Offline
  • Posts: 6
html tags
« on: January 30, 2006, 11:03:24 pm »

hello everyone... I hope someone here can help me.

We use CPG on our website to upload and store images of inventory/misc to be used on our website.

We have PHP script on our page that reads from the coppermine gallery and uses things such as image locations and descriptions to be shown on the page viewable to the public.

I have had a request to get the descriptions to allow for "<" and ">" so that the user can add html tags such as bold or "br" etc.  I have removed the characters from the characters that are not allowed and found in the db_input.php file there is a place where it replaces these characters with GT and LT.  I removed those.  But it still stores the info into the database as LT and GT.

What file is this "switch" in that I will need to turn off/erase to get it to stop doing this?

I have searched through all the pages that seem like that might be the right one... ending up with no luck in the end.

Thanks in advance to anyone that can help me!

Brian


Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: html tags
« Reply #1 on: January 31, 2006, 06:35:36 am »

You're strongly advised not to allow html in fields where users can input text. There are very good reasons why all the code exists that removes the < and > and disallows html parsing. Make them use bbcode instead. I won't look into a mod that will make your page completely insecure.
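As an added illustration of the approach the reply recommends (this is example code, not Coppermine's own): the description is always HTML-escaped, and bold, italic and line breaks are offered through a small whitelisted bbcode subset instead of raw tags. The function name `render_description` and the sample strings are assumptions made up for this example.

```php
<?php
// Added example, not Coppermine code. Keeps the "<" / ">" escaping that
// Coppermine's db_input.php applies and layers a whitelisted bbcode subset
// on top, so a user can get bold/italic/line breaks without raw HTML.
// Assumption: the stored value may already contain &lt;/&gt; (as the
// poster observed), so we decode once to avoid double-escaping.

function render_description(string $raw): string
{
    // Normalise: undo any stored &lt; / &gt; so the escape below is applied exactly once.
    $text = html_entity_decode($raw, ENT_QUOTES, 'UTF-8');

    // 1. Escape everything. After this no user-supplied "<" can open a tag.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Whitelist: only these bbcode pairs become markup, with fixed output
    //    that carries no attributes, so nothing user-controlled reaches a tag.
    $safe = preg_replace('~\[b\](.*?)\[/b\]~s', '<strong>$1</strong>', $safe);
    $safe = preg_replace('~\[i\](.*?)\[/i\]~s', '<em>$1</em>', $safe);

    // 3. Newlines become <br> here, so the user never needs to type one.
    return nl2br($safe, false);
}

// Constructed sample descriptions: a normal one, one carrying a script tag,
// and one stored with entities as the original poster described.
$samples = [
    "[b]Widget[/b] in stock\nships next day",
    '<script>alert(1)</script> [b]bold[/b]',
    '&lt;b&gt;already escaped&lt;/b&gt;',
];
foreach ($samples as $s) {
    echo render_description($s), "\n";
}
```

The second sample shows why the escaping exists: the script tag is rendered as literal text, while the `[b]` markup still produces bold.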