181
mvandam
Re: htmlArea - WYSIWYG editor
  • 2003/7/24 0:25

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


Thanks for the reply. It looks possible to modify htmlarea to disable 'code-mode' for certain users and/or to remove certain types of html elements from the htmlarea "menu".

On second thought, this is not where the *real* security happens though. The real security needs to happen on the backend. (Otherwise someone can just "forge" a form and submit to your XOOPS site a piece of text containing any tags he/she wishes). So the backend is where the tag restrictions etc. must happen.

It would be nice for the site visitors if the front-end (i.e. htmlarea) matched the acceptable set of tags though.

Seems like a reasonably big job though entirely possible. If XOOPS does eventually adopt something like this, the *first* step is securing the back end possibly allowing non-admins to enter a limited set of tags. The next step would be adding the HTML area.

Remember also, not everyone likes HTMLareas. I much prefer editing in text mode (or code mode), and would prefer to see a textarea even if an htmlarea was supported. I'm sure there are at least a few others who would agree. Perhaps that could be a user preference.



182
mvandam
Re: htmlArea - WYSIWYG editor
  • 2003/7/23 23:22


I am not too familiar with htmlarea, so I have a few questions.

As everyone is probably aware, it is a *huge* security risk to allow free HTML editing of content. What steps can you take with HTMLarea to:

- limit which tags are allowed (make sure 'script', 'frame', and some other ones aren't allowed)

- make sure tags are matched (i.e. you can go to "code" mode and type e.g. <td> but no </td>; this can mess up page layout)

- make sure tag attributes like onclick, onfocus, etc. can't be used to trigger malicious javascript

Personally I wouldn't be too comfortable if my users could freely edit with HTML. Either the tags need to be limited, or BB code is a safer choice. As for removing "allow HTML", maybe it is better to leave it in... that way if 'allow HTML' is set, then the HTMLarea is used; otherwise a standard textarea is used. Also, why not support *both* BB code and HTML editing? That way you can still allow BB code where you have selected to not allow HTML editing.

Just some thoughts...
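
Added example, not part of the original posts and not XOOPS code: a server-side allowlist filter covering the three checks listed above (allowed tags, matched tags, no event-handler attributes), applied on the backend as the follow-up post argues. It is written in Python for illustration; the tag policy, the scheme list and the names `ALLOWED`, `safe_url` and `sanitize` are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy (not from the thread): tag -> attributes allowed on it.
ALLOWED = {"b": (), "i": (), "p": (), "br": (), "ul": (), "li": (), "a": ("href",)}
DROP_CONTENT = {"script", "style"}   # drop the tag and everything inside it
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_url(value):
    cleaned = re.sub(r"[\x00-\x20]", "", value)  # browsers strip tabs/newlines from URLs
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    return m is None or m.group(1).lower() in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return  # disallowed tag is dropped; its text is still kept
        kept = [(n, v or "") for n, v in attrs
                if n in ALLOWED[tag] and (n != "href" or safe_url(v or ""))]
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")
        if tag != "br":  # br is a void element and never needs closing
            self.open.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        if self.skip or tag not in self.open:
            return  # stray closing tag with no matching open tag
        while self.open:  # close the tag and anything left open inside it
            top = self.open.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(text):
    p = Sanitizer()
    p.feed(text)
    p.close()
    return "".join(p.out + [f"</{t}>" for t in reversed(p.open)])
```

Because the output is rebuilt from parsed tokens rather than edited in place, anything not explicitly allowed never reaches the page, whatever the submitting form or editor sent.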



183
mvandam
Re: SOLVED - Making Xoops CONTENT Multilingual *Fixed Code Quote problem*
  • 2003/7/18 20:56


Ah, yes good point dawilby... In many places, the title is truncated, just in case someone puts in a really long title (i.e. so they don't mess up your page layout). This truncation happens to the original full string... it is not until afterwards that the language hack occurs. Thus for the english one, the truncated title is "[spanish]...[/spanish][engl"... and then after the language hack, the 'spanish' part is stripped out, leaving only [engl...

Maybe this indicates a bug... need to look into it



184
mvandam
Re: SOLVED - Making Xoops CONTENT Multilingual *Fixed Code Quote problem*
  • 2003/7/17 18:17


Quote:

Toward the bottom of the module.textsanitizer.php file in your class folder,
[...]
This forces the titles to go through the XOOPS codedecoder where it will find your original language hack.


I haven't tried it, but looks like it should work. The only drawback is that if your users catch on, you might start getting all kinds of XOOPS codes in your titles, including changes of color/size, images, etc...



185
mvandam
Re: SOLVED - Making Xoops CONTENT Multilingual *Fixed Code Quote problem*
  • 2003/7/17 11:03


Hmmm, seems trickier. The title is stored in a relatively small fixed-length field. If you started adding:

[english]My Title[/english][gibberish]@#$SassdD#233[/gibberish]

you would soon run out of space for the real title. So I don't think the same approach would work easily unless title field was vastly extended in size.

Any ideas?



186
mvandam
Re: SOLVED - Making Xoops CONTENT Multilingual
  • 2003/7/16 23:40


In case you want this in a hurry...

In your above post, where you pointed out the difference between the line in your file and line in the post, you can basically see what changes you need:

i.e. add a backslash before '[', ']' and '/' in the regular expressions.



187
mvandam
Re: SOLVED - Making Xoops CONTENT Multilingual
  • 2003/7/16 19:09


Quote:

Any thoughts on what is causing this?


I have had this problem before... When posting on the forums at xoops.org (or any XOOPS site), some characters in a [ code ] block are changed/removed/show up differently than entered. Generally it affects backslashes and maybe quotes, especially a problem for regexps. i.e. So what you see above is probably not what Chado actually has in the file...



188
mvandam
Re: different location for a module
  • 2003/7/11 7:15


Quote:

my hoster doesn't allow me to edit the httpd.conf

still any other ideas??


You might be able to put rewrite rules in .htaccess files in appropriate directories. I don't have experience with this though, but if you search on google there are plenty of examples. It depends on the permissions set by your hoster.

If that doesn't work, I'm not sure what else to suggest. It is pretty ingrained into XOOPS that modules must reside in xoops_dir/modules/module_name...



189
mvandam
Re: different location for a module
  • 2003/7/10 22:40


Nope. Why do you need the module moved... just for the sake of a nicer URL?

If yes, and if you are using the apache webserver you can use the "mod_rewrite" feature which will convert the incoming URL request /rootweb/forum into /rootweb/modules/pbboard to access those files. i.e. gives you a nice URL without moving files.



190
mvandam
Re: Blank page after instalation
  • 2003/7/9 19:18


OK, glad you got it working. I'll update the wiki page with this information. Thanks!



