[geeklog-cvs] geeklog-1.3 config.php,1.69.2.2,1.69.2.2.2.1
dhaun at geeklog.net
dhaun at geeklog.net
Sun Oct 12 08:19:21 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3
In directory geeklog_prod:/tmp/cvs-serv23871
Modified Files:
Tag: geeklog_1_3_7sr2_1
config.php
Log Message:
Changes to make use of the kses class to filter allowable HTML.
Index: config.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/config.php,v
retrieving revision 1.69.2.2
retrieving revision 1.69.2.2.2.1
diff -C2 -d -r1.69.2.2 -r1.69.2.2.2.1
*** config.php 26 May 2003 12:51:58 -0000 1.69.2.2
--- config.php 12 Oct 2003 12:19:19 -0000 1.69.2.2.2.1
***************
*** 354,365 ****
$_CONF['linksperpage'] = 10; // links per page
! // Parameters for checking words and HTML tags
! // *** Warning: Adding the following tags to the list of allowable HTML can
// *** make your site vulnerable to scripting attacks!
! // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe>
! $_CONF['allowablehtml'] = '<p>,<b>,<i>,<a>,<em>,<br>,<tt>,<hr>,<li>,<ol>,<ul>,<code>,<pre>';
! $_CONF['adminhtml'] = $_CONF['allowablehtml'] . ', <div>,<table>,<tr>,<td>,<th>';
$_CONF['censormode'] = 1;
$_CONF['censorreplace'] = '*censored*';
--- 354,404 ----
$_CONF['linksperpage'] = 10; // links per page
! // Parameters for checking HTML tags
! // *** Warning: Adding the following tags to the list of allowable HTML can
// *** make your site vulnerable to scripting attacks!
! // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe>
!
! /* This is a list of HTML tags that users are allowed to use in their posts.
! * Each tag can have a list of allowed attributes (see 'a' for an example).
! * Any attributes not listed will be filtered, i.e. removed.
! */
+ $_CONF['user_html'] = array (
+ 'p' => array(),
+ 'b' => array(),
+ 'i' => array(),
+ 'a' => array('href' => 1, 'title' => 1),
+ 'em' => array(),
+ 'br' => array(),
+ 'tt' => array(),
+ 'hr' => array(),
+ 'li' => array(),
+ 'ol' => array(),
+ 'ul' => array(),
+ 'code' => array(),
+ 'pre' => array()
+ );
+
+ /* This is a list of HTML tags that Admins (site admin and story admins) can
+ * use in their posts. It will be merged with the above list of user-allowable
+ * tags ($_CONF['user_html']). You can also add tags that have already been
+ * listed for the user-allowed HTML, so as to allow admins to use more
+ * attributes (see 'p' for an example).
+ */
+ $_CONF['admin_html'] = array (
+ 'p' => array('class' => 1, 'id' => 1, 'align' => 1),
+ 'div' => array('class' => 1, 'id' => 1),
+ 'span' => array('class' => 1, 'id' => 1),
+ 'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1,
+ 'cellspacing' => 1, 'cellpadding' => 1),
+ 'tr' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1),
+ 'th' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
+ 'colspan' => 1, 'rowspan' => 1),
+ 'td' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
+ 'colspan' => 1, 'rowspan' => 1)
+ );
+
+ // Parameters for checking for "bad" words
$_CONF['censormode'] = 1;
$_CONF['censorreplace'] = '*censored*';
***************
*** 379,383 ****
}
if (!defined ('VERSION')) {
! define('VERSION', '1.3.7sr2');
}
--- 418,422 ----
}
if (!defined ('VERSION')) {
! define('VERSION', '1.3.7sr3');
}
More information about the geeklog-cvs
mailing list