BBCode URL not working on the thumbnail view

[jsivins]

One of the sites I maintain with CPG 1.4.5 lost the BBCode to "hot link".. Anyone know how to reactivate them in the thumbnail view?? They work fine when bring up the full image.. Any help soon would be grateful..

[Joachim Müller]

I don't understand a word. Post a link to the page in question and (if needed) a non-admin test user account.

[jsivins]

visit http://www.allornothingtattoo.com/gallery/ and if you go to the album thumbnails view, the BBCode of URL is no longer active, but checking the settings BBCode is enabled. You can see that the BBCode works when you click to see the full image..

[Tranz]

In include/functions.inc.php

FIND:

Code Select Expand

            $caption .= $row['caption'] ? "<span class=\"thumb_caption\">".strip_tags(bb_decode($row['caption']))."</span>" : '';

REPLACE with:

Code Select Expand

            $caption .= $row['caption'] ? "<span class=\"thumb_caption\">".bb_decode(process_smilies($row['caption']))."</span>" : '';

@devs: I guess I've encountered and answered this question before because I have the above code in my own installation, but forgot why I had implemented it. Is there a reason why strip_tags() was used on the caption?

[Joachim Müller]

none that I'm aware of.

[jsivins]

That worked perfectly.. 

Thanks for the assist.. I can to the HTML stuff now.. LOL

[Tranz]

none that I'm aware of.

Should the code in svn be updated with this change?

[Joachim Müller]

hm, I'm not sure - this might have a security impact that we're not aware of right now. Could you please check the commit history of the file and check when the line in question has been changed and what the commit comment was? I'm not 100% sure that we're not going to re-open a security vulnerability there.

[Nibbler]

It's not very enlightening

------------------------------------------------------------------------
r2427 | donnoman | 2005-08-07 23:55:48 +0200 (Sun, 07 Aug 2005) | 2 lines

Added strip_tags to caption_in_thumbview

------------------------------------------------------------------------

[Joachim Müller]

Sent Donnoman a PM, asking him to take a look into this thread. Thanks for looking this up.

Joachim

[Tranz]

I searched the forums and found where donnoman talked about the code change: http://forum.coppermine-gallery.net/index.php?topic=15639.msg72916#msg72916

So it seems to be for security reasons, due to user-contributed comments.

Thanks for finding that entry, Nibbler. I looked at the svn log but didn't see anything helpful.

[donnoman]

Sorry Gaugau, for some reason I missed your PM, however the linked thread did describe why I did it.

If y'all don't think theres a problem showing the bb_decoded items then you can commit that change. I just couldn't bring myself to open it up; my paranoia got the better of me.

[Ardath Rekha]

Could that maybe be an option in the Config menu, whether to allow or disallow it?  Several of my older galleries, that I'm upgrading, rely very heavily on special formatting and links in the thumbnail views. I was tearing my hair out trying to figure out why all of my formatting had stopped working until I found this thread.

[Joachim Müller]

Did you read the thread Thu refered to? Do you have cpg1.4.9? Post a link to your coppermine-driven gallery.