Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> BUGS/FIXES - Raven's v7.3 Customized Distro
Author Message
dean
Worker
Worker


Joined: Apr 14, 2004
Posts: 193

PostPosted: Wed Aug 04, 2004 1:32 am Reply with quote

In previous nuke sites, I have used html to format a message and insert images. I finished installing the this distro and find that i get this message:
Quote:
The html tags you attempted to use are not allowed

when I attempt to insert the following html
Code:
<table border="0" cellpadding="2" style="border-collapse: collapse" width="100%" >

  <tr>
    <td width="24%" >
    <img border="0" src="DSCN0396.JPG" width="300" height="225"></td>
    <td width="76%">   
    <p align="left" style="margin-left: 20; margin-right: 20; text-indent:10">                     
    The Fritz Family Network is a website devoted to the Fritz family,
    grandparents, parents and children! The various features of this website are
    built around sharing news, conversation, pictures, recipes, important dates,
    etc.&nbsp; If you like what you see here, please contribute as much as you
    can to help building our website by adding whatever meets your fancy.&nbsp;
    <p align="left" style="margin-left: 20; margin-right: 20; text-indent:10">                     
    Since this is a new website, we invite you to test all of the features and
    report any difficulties you may have in navigating or adding to the Fritz
    Family Network<p align="left" style="margin-left: 20; margin-right: 20; text-indent:10">                       
    Since this is a private, secure website, you will need to<a style="color: #FF0000; text-decoration: none" href="http://alaskandog.com/fritz/modules.php?name=Your_Account&op=new_user">
    create an account here </a>and follow the instructions that are provided to
    you.&nbsp; Enjoy your stay and come back soon!<br>
 </tr>
</table>


What do I have to do to make this work?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Wed Aug 04, 2004 4:25 am Reply with quote

mainfile.php has always disallowed certain html tags. I have not altered that. Here is the code as FB released it
Code:
foreach ($_GET as $secvalue) {

    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
   (eregi("\"", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
   (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
   (eregi("\"", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

foreach ($_POST as $secvalue) {
    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}
If your html is using any of these tags then Nuke is rejecting it. You can override this but buyer beware Wink
 
View user's profile Send private message
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

PostPosted: Mon Aug 23, 2004 1:36 am Reply with quote

Comment out the following code in your mainfile.php

In Some Distributions the code looks like this:
Code:
foreach ($_POST as $secvalue) { 

    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

In others, it looks like this:
Code:
foreach ($_POST as $secvalue) { 

    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||   (eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
   die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}


In either case, comment all that out, make your webpage changes, then make it the way it was originally again by uncommenting it out.

_________________
Steph Benoit Only registered users can see links on this board! Get registered or login!
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
barnaby101
New Member
New Member


Joined: Mar 02, 2005
Posts: 4

PostPosted: Sat Mar 05, 2005 6:50 am Reply with quote

I would like to be able to use the <table> tag as they do in postnuke
Are there any hacks out there which allow it?
 
View user's profile Send private message
Raven
PostPosted: Sat Mar 05, 2005 8:28 am Reply with quote

Please explain more as I'm not clear on what you are asking.
 
barnaby101
PostPosted: Sat Mar 05, 2005 5:20 pm Reply with quote

I have tried to paste in some articles into the "submit news" page.
The preview shows the tables I had but when I go in as admin to approve the news submitted, the module has stripped the html <table> and <br> tags from the submission making it unreadable.

Is there a code hack that allows me to enter tables and use the <br> tags out there?
 
64bitguy
PostPosted: Sat Mar 05, 2005 5:23 pm Reply with quote

You can use <br> by default.. I've never tried to add tables to news, so I have no idea what the impact would be.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> BUGS/FIXES - Raven's v7.3 Customized Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©