Not a good idea: Using Inline CSS in the output of the Content Not a good idea: Using Inline CSS in the output of the Content
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Not a good idea: Using Inline CSS in the output of the Content

Started by iamwhatiam, September 04, 2011, 12:26:05 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

iamwhatiam

September 04, 2011, 12:26:05 PM
Using CSS inline styles in HTML tags like "<td style="width: 100%">" makes it really hard to style the gallery by myself. Overwriting these tags is really hard, maybe impossible for much people. This could be the reason for the few styles available for Coppermine-Gallery.

Btw: The verification on register AND posting really makes no fun. I know the problems of bots, but if posting is only allowed to registered users, the capcha may be enough at registering and maybe could be removed at posting for registered users, since others are not allowed to post anything.

iamwhatiam

#1
September 04, 2011, 04:36:32 PM
To make it more clear (it may be unclear):

Coppermine itselfs is rendering (giving out) CSS within HTML tags, which makes it hard to style (create themes) for coppermine with CSS.

Αndré

#2
September 05, 2011, 09:58:37 AM
Can you please post some examples where that inline CSS occurs?

iamwhatiam

#3
September 05, 2011, 09:47:43 PM
<table align="center" width="600" cellspacing="1" cellpadding="0" class="maintable ">
                      <td class="tableb" width="40%">Benutzername</td>
                      <td class="tableb" width="60%"><input type="text" class="textinput" name="username" style="width: 100%" tabindex="1" /></td>
<div class="footer" align="center" style="padding:10px;display:block;visibility:visible; font-family: Verdana,Arial,sans-serif;">Powered by <a href="http://coppermine-gallery.net/" title="Coppermine Photo Gallery" rel="external">Coppermine Photo Gallery</a></div>

And that only on the login page. Also the classes could be given better, so the creators of themes could be more free at their work and distinguish more elements.

Btw: As there are remote exploits available for Coppermine, I would suggest you to add an option to remove the HTML comment which provides the version number of Coppermine. Thanks for reading and your answer.

Αndré

#4
September 06, 2011, 10:18:16 AM
Quote from: iamwhatiam on September 05, 2011, 09:47:43 PM
Also the classes could be given better
You're welcome to contribute code change proposals for the next major release (cpg1.6.x).


Quote from: iamwhatiam on September 05, 2011, 09:47:43 PM
As there are remote exploits available for Coppermine, I would suggest you to add an option to remove the HTML comment which provides the version number of Coppermine.
Security through obscurity is no option imo. But we don't need to discuss that in this thread.

KoD

#5
September 13, 2011, 02:26:33 PM
in that cause what I suggest is that
we can use external CSS file that will keep the style information away from the page code
also its good practice for many features for example we can have 3 style files and invoke them depending on what user desire using PHP function that uses style number as parameter.
also, it will be easier if just define the class or the ID in the html tags
I can slightly help in CSS cause I have some background but I like to contribute in PHP coding more than CSS
Print
Go Up Pages1
User actions