[geeklog-cvs] geeklog-1.3 config.php,1.83,1.84

geeklog-cvs-admin at lists.geeklog.net geeklog-cvs-admin at lists.geeklog.net
Mon May 26 07:57:45 EDT 2003


Update of /usr/cvs/geeklog/geeklog-1.3
In directory internal.geeklog.net:/tmp/cvs-serv18222

Modified Files:
	config.php 
Log Message:
Added a warning about the dangers of adding some HTML tags to the set of allowable HTML.


Index: config.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/config.php,v
retrieving revision 1.83
retrieving revision 1.84
diff -C2 -d -r1.83 -r1.84
*** config.php	21 May 2003 15:49:04 -0000	1.83
--- config.php	26 May 2003 11:57:43 -0000	1.84
***************
*** 414,417 ****
--- 414,420 ----
  // Parameters for checking words and HTML tags
  
+ // *** Warning: Adding the following tags to the list of allowable HTML can     
+ // *** make your site vulnerable to scripting attacks!
+ // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe> 
  $_CONF['allowablehtml'] = '<p>,<b>,<i>,<a>,<em>,<br>,<tt>,<hr>,<li>,<ol>,<ul>,<code>,<pre>';
  $_CONF['adminhtml'] = $_CONF['allowablehtml'] . ', <div>,<table>,<tr>,<td>,<th>';
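
Review bot: the new warning above `$_CONF['allowablehtml']` treats all seven tags alike with "Use with care" and does not mention `$_CONF['adminhtml']`, which is built from the same list on the next line. Consider saying in the comment that anything added to `allowablehtml` is also inherited by `adminhtml`, and splitting the list so that `<script>`, `<embed>`, `<object>` and `<iframe>` are marked as tags that should not be enabled at all, separate from `<img>`, `<span>` and `<marquee>`. A short reason per group would help an administrator judge the risk instead of only seeing a list of names. Style point: the first and third added comment lines end in trailing whitespace, which is worth stripping before the next revision.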




