[geeklog-cvs] geeklog-1.3 config.php,1.95,1.95.2.1
dhaun at geeklog.net
dhaun at geeklog.net
Sun Oct 12 04:32:56 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3
In directory geeklog_prod:/tmp/cvs-serv13728
Modified Files:
Tag: geeklog_1_3_8_1_1
config.php
Log Message:
Changes to make use of the kses class to filter allowable HTML.
Index: config.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/config.php,v
retrieving revision 1.95
retrieving revision 1.95.2.1
diff -C2 -d -r1.95 -r1.95.2.1
*** config.php 9 Aug 2003 11:47:40 -0000 1.95
--- config.php 12 Oct 2003 08:32:53 -0000 1.95.2.1
***************
*** 455,465 ****
$_CONF['linksperpage'] = 10; // links per page
! // Parameters for checking words and HTML tags
! // *** Warning: Adding the following tags to the list of allowable HTML can
// *** make your site vulnerable to scripting attacks!
// *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe>
! $_CONF['allowablehtml'] = '<p>,<b>,<i>,<a>,<em>,<br>,<tt>,<hr>,<li>,<ol>,<ul>,<code>,<pre>';
! $_CONF['adminhtml'] = $_CONF['allowablehtml'] . ', <div>,<table>,<tr>,<td>,<th>';
$_CONF['censormode'] = 1;
$_CONF['censorreplace'] = '*censored*';
--- 455,504 ----
$_CONF['linksperpage'] = 10; // links per page
! // Parameters for checking HTML tags
! // *** Warning: Adding the following tags to the list of allowable HTML can
// *** make your site vulnerable to scripting attacks!
// *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe>
!
! /* This is a list of HTML tags that users are allowed to use in their posts.
! * Each tag can have a list of allowed attributes (see 'a' for an example).
! * Any attributes not listed will be filtered, i.e. removed.
! */
! $_CONF['user_html'] = array (
! 'p' => array(),
! 'b' => array(),
! 'i' => array(),
! 'a' => array('href' => 1, 'title' => 1),
! 'em' => array(),
! 'br' => array(),
! 'tt' => array(),
! 'hr' => array(),
! 'li' => array(),
! 'ol' => array(),
! 'ul' => array(),
! 'code' => array(),
! 'pre' => array()
! );
!
! /* This is a list of HTML tags that Admins (site admin and story admins) can
! * use in their posts. It will be merged with the above list of user-allowable
! * tags ($_CONF['user_html']). You can also add tags that have already been
! * listed for the user-allowed HTML, so as to allow admins to use more
! * attributes (see 'p' for an example).
! */
! $_CONF['admin_html'] = array (
! 'p' => array('class' => 1, 'id' => 1, 'align' => 1),
! 'div' => array('class' => 1, 'id' => 1),
! 'span' => array('class' => 1, 'id' => 1),
! 'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1,
! 'cellspacing' => 1, 'cellpadding' => 1),
! 'tr' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1),
! 'th' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
! 'colspan' => 1, 'rowspan' => 1),
! 'td' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
! 'colspan' => 1, 'rowspan' => 1)
! );
!
! // Parameters for checking for "bad" words
$_CONF['censormode'] = 1;
$_CONF['censorreplace'] = '*censored*';
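Review bot: The warning above `$_CONF['user_html']` still speaks only of tags, but the new format makes attributes configurable as well, and an attribute added to these arrays can reintroduce scripting just as a tag can. I would extend it with a line such as `// *** The same applies to attributes: do not allow 'style' or event handlers such as 'onclick'.` The warning also still lists `<span>` under "Use with care" while `$_CONF['admin_html']` now allows it with `class` and `id`, so a short remark that this is intended for admins only would avoid confusion. Whether `href` values on `'a'` are limited to safe URL schemes is decided where kses is called, which is outside this hunk, so it is worth confirming that the call site relies on a protocol allow-list. The keys `allowablehtml` and `adminhtml` are dropped here, so any code still reading them (not visible in this diff) would find them unset.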