html tags html tags
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

html tags

Started by bizlur, January 30, 2006, 11:03:24 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

bizlur

hello everyone... I hope someone here can help me.

We use CPG on our website to upload and store images of inventory/misc to be used on our website.

We have PHP script on our page that reads from the coppermine gallery and uses things such as image locations and descriptions to be shown on the page viewable to the public.

I have had a request to get the descriptions to allow for "<" and ">" so that the user can add html tags such as bold or "br" etc.  I have removed the charactors from the charactors that are not allowed and found in the db_input.php file there is a place where it replaces these charactors with GT and LT.  I removed those.  But it still stores the info into the database as LT and GT.

What file is this "switch" in that I will need to turn off/erase to get it to stop doing this. 

I have searched through all the pages that seem like that might be the right one... ending up with no luck in the end.

Thanks in advance to anyone that can help me!

Brian


Joachim Müller

you're strongly advised not to allow html in fields where users can input text. There are very good reasons why all the code exists that removes the < and > and disallows html parsing. Make them use bbcode instead. I won't look into a mod that will make your page completely unsecure.