[geeklog-cvs] geeklog-1.3 config.php,1.100,1.101

dhaun at geeklog.net dhaun at geeklog.net
Sat Oct 11 07:21:48 EDT 2003


Update of /usr/cvs/geeklog/geeklog-1.3
In directory geeklog_prod:/tmp/cvs-serv2856

Modified Files:
	config.php 
Log Message:
Changes to make use of the kses class to filter allowable HTML.


Index: config.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/config.php,v
retrieving revision 1.100
retrieving revision 1.101
diff -C2 -d -r1.100 -r1.101
*** config.php	20 Sep 2003 16:50:35 -0000	1.100
--- config.php	11 Oct 2003 11:21:46 -0000	1.101
***************
*** 518,528 ****
  $_CONF['linksperpage'] = 10; // links per page
  
! // Parameters for checking words and HTML tags
  
  // *** Warning: Adding the following tags to the list of allowable HTML can     
  // *** make your site vulnerable to scripting attacks!
  // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe> 
! $_CONF['allowablehtml'] = '<p>,<b>,<i>,<a>,<em>,<br>,<tt>,<hr>,<li>,<ol>,<ul>,<code>,<pre>';
! $_CONF['adminhtml'] = $_CONF['allowablehtml'] . ', <div>,<table>,<tr>,<td>,<th>';
  $_CONF['censormode']    = 1;
  $_CONF['censorreplace'] = '*censored*';
--- 518,567 ----
  $_CONF['linksperpage'] = 10; // links per page
  
! // Parameters for checking HTML tags
  
  // *** Warning: Adding the following tags to the list of allowable HTML can     
  // *** make your site vulnerable to scripting attacks!
  // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe> 
! 
! /* This is a list of HTML tags that users are allowed to use in their posts.
!  * Each tag can have a list of allowed attributes (see 'a' for an example).
!  * Any attributes not listed will be filtered, i.e. removed.
!  */
! $_CONF['user_html'] = array ( 
!     'p'    => array(),
!     'b'    => array(),
!     'i'    => array(),
!     'a'    => array('href' => 1, 'title' => 1),
!     'em'   => array(),
!     'br'   => array(),
!     'tt'   => array(),
!     'hr'   => array(),
!     'li'   => array(),
!     'ol'   => array(),
!     'ul'   => array(),
!     'code' => array(),
!     'pre'  => array()
! );
! 
! /* This is a list of HTML tags that Admins (site admin and story admins) can
!  * use in their posts. It will be merged with the above list of user-allowable
!  * tags ($_CONF['user_html']). You can also add tags that have already been
!  * listed for the user-allowed HTML, so as to allow admins to use more
!  * attributes (see 'p' for an example).
!  */
! $_CONF['admin_html'] = array (
!     'p'     => array('class' => 1, 'id' => 1, 'align' => 1),
!     'div'   => array('class' => 1, 'id' => 1),
!     'span'  => array('class' => 1, 'id' => 1),
!     'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1,
!                      'cellspacing' => 1, 'cellpadding' => 1),
!     'tr'    => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1),
!     'th'    => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
!                      'colspan' => 1, 'rowspan' => 1),
!     'td'    => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
!                      'colspan' => 1, 'rowspan' => 1)
! );
! 
! // Parameters for checking for "bad" words
  $_CONF['censormode']    = 1;
  $_CONF['censorreplace'] = '*censored*';
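Review bot: The `'a' => array('href' => 1, 'title' => 1)` entry in `$_CONF['user_html']` says which attributes survive filtering, but nothing in this config says which URL schemes are accepted inside `href` — with kses that is decided by the protocol list handed to the filter elsewhere, so a reader of config.php cannot tell from here whether non-http schemes are stripped. Suggest adding a sentence to the comment above `$_CONF['user_html']`, e.g. `// Which URL schemes are permitted in href values is decided by the kses protocol list, not by this array.` The old `$_CONF['allowablehtml']` and `$_CONF['adminhtml']` keys are removed without a note; any code or plugin still reading them would presumably now hit an undefined index, so a one-line comment naming the replacement keys (`user_html` / `admin_html`) would help anyone merging this into an existing config.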




