[geeklog-cvs] geeklog-1.3 config.php,1.69.2.2,1.69.2.2.2.1

dhaun at geeklog.net dhaun at geeklog.net
Sun Oct 12 08:19:21 EDT 2003 

Update of /usr/cvs/geeklog/geeklog-1.3
In directory geeklog_prod:/tmp/cvs-serv23871

Modified Files:
      Tag: geeklog_1_3_7sr2_1
	config.php 
Log Message:
Changes to make use of the kses class to filter allowable HTML.


Index: config.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/config.php,v
retrieving revision 1.69.2.2
retrieving revision 1.69.2.2.2.1
diff -C2 -d -r1.69.2.2 -r1.69.2.2.2.1
*** config.php	26 May 2003 12:51:58 -0000	1.69.2.2
--- config.php	12 Oct 2003 12:19:19 -0000	1.69.2.2.2.1
***************
*** 354,365 ****
  $_CONF['linksperpage'] = 10; // links per page
  
! // Parameters for checking words and HTML tags
  
! // *** Warning: Adding the following tags to the list of allowable HTML can
  // *** make your site vulnerable to scripting attacks!
! // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe>
! $_CONF['allowablehtml'] = '<p>,<b>,<i>,<a>,<em>,<br>,<tt>,<hr>,<li>,<ol>,<ul>,<code>,<pre>';
! $_CONF['adminhtml'] = $_CONF['allowablehtml'] . ', <div>,<table>,<tr>,<td>,<th>';
  
  $_CONF['censormode']    = 1;
  $_CONF['censorreplace'] = '*censored*';
--- 354,404 ----
  $_CONF['linksperpage'] = 10; // links per page
  
! // Parameters for checking HTML tags
  
! // *** Warning: Adding the following tags to the list of allowable HTML can     
  // *** make your site vulnerable to scripting attacks!
! // *** Use with care: <img> <span> <marquee> <script> <embed> <object> <iframe> 
! 
! /* This is a list of HTML tags that users are allowed to use in their posts.    
!  * Each tag can have a list of allowed attributes (see 'a' for an example).     
!  * Any attributes not listed will be filtered, i.e. removed.
!  */
  
+ $_CONF['user_html'] = array (
+     'p'    => array(),
+     'b'    => array(),
+     'i'    => array(),
+     'a'    => array('href' => 1, 'title' => 1),
+     'em'   => array(),
+     'br'   => array(),
+     'tt'   => array(),
+     'hr'   => array(),
+     'li'   => array(),
+     'ol'   => array(),
+     'ul'   => array(),
+     'code' => array(),
+     'pre'  => array()
+ );
+ 
+ /* This is a list of HTML tags that Admins (site admin and story admins) can
+  * use in their posts. It will be merged with the above list of user-allowable
+  * tags ($_CONF['user_html']). You can also add tags that have already been
+  * listed for the user-allowed HTML, so as to allow admins to use more
+  * attributes (see 'p' for an example).
+  */
+ $_CONF['admin_html'] = array (
+     'p'     => array('class' => 1, 'id' => 1, 'align' => 1),
+     'div'   => array('class' => 1, 'id' => 1),
+     'span'  => array('class' => 1, 'id' => 1),
+     'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1,
+                      'cellspacing' => 1, 'cellpadding' => 1),
+     'tr'    => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1),
+     'th'    => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
+                      'colspan' => 1, 'rowspan' => 1),
+     'td'    => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1,
+                      'colspan' => 1, 'rowspan' => 1)
+ );
+ 
+ // Parameters for checking for "bad" words
  $_CONF['censormode']    = 1;
  $_CONF['censorreplace'] = '*censored*';
***************
*** 379,383 ****
  }
  if (!defined ('VERSION')) {
!     define('VERSION', '1.3.7sr2');
  }
  
--- 418,422 ----
  }
  if (!defined ('VERSION')) {
!     define('VERSION', '1.3.7sr3');
  }

More information about the geeklog-cvs mailing list