[geeklog-cvs] geeklog-1.3 config.php,1.83,1.84
geeklog-cvs-admin at lists.geeklog.net
Mon May 26 07:57:45 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3
In directory internal.geeklog.net:/tmp/cvs-serv18222
Modified Files:
config.php
Log Message:
Added a warning about the dangers of adding some HTML tags to the set of allowable HTML.
Index: config.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/config.php,v
retrieving revision 1.83
retrieving revision 1.84
diff -C2 -d -r1.83 -r1.84
*** config.php 21 May 2003 15:49:04 -0000 1.83
--- config.php 26 May 2003 11:57:43 -0000 1.84
***************
*** 414,417 ****
--- 414,420 ----
// Parameters for checking words and HTML tags
+ // *** Warning: Adding the following tags to the list of allowable HTML can
+ // *** make your site vulnerable to scripting attacks!
+ // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe>
$_CONF['allowablehtml'] = '<p>,<b>,<i>,<a>,<em>,<br>,<tt>,<hr>,<li>,<ol>,<ul>,<code>,<pre>';
$_CONF['adminhtml'] = $_CONF['allowablehtml'] . ', <div>,<table>,<tr>,<td>,<th>';
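Review bot: The three added comment lines put <script>, <embed>, <object> and <iframe> under the same "Use with care" wording as <img> and <span>, which reads as if enabling <script> for user-submitted content is acceptable given some caution. Suggest splitting the warning into two lists: tags that should not be added to $_CONF['allowablehtml'] at all, and tags such as <img>, <span> and <marquee> whose risk comes from their attributes. It would also help to say in the comment that $_CONF['adminhtml'] is built by appending to $_CONF['allowablehtml'], so any tag added to the first setting is allowed in admin content as well.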