Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Allow HTML in Comments?  XML
Forum Index » Support Forum
Author Message
[Post New]04/02/2005 11:42:06
    Subject: Allow HTML in Comments?
[Up]
Nunzio
Newbie

Joined: 04/02/2005 11:33:51
Messages: 2
Offline
Hi. I'm using Adv. Guestbook v2.2. I have it set so that a password is required for a Comment and right now nobody can add a Comment to an existing entry other than myself. What needs to be changed/included to allow me to use/include HTML in my Comments? I would assume that comment.php needs editing but I may be wrong.

Thanks in advance,
Nunzio
[Post New]04/02/2005 14:17:24
    Subject:
[Up]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline
If you allow html you will be setting yourself up to be hacked. version 2.2 is vulnarable enough to exploits without useing carbs update script and disableing html.
LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
[Post New]04/02/2005 14:58:56
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Only he can enter comments though so no worries there. I'll look at which line you need to edit later today.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]04/02/2005 17:09:24
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
If you have AGcode allowed you can use AGcode in comments. You obviously have HTML in posts diabled which is the intelligent thing as it is exploitable and so if AGcode does not provide you with the tgas you need in your comments follow these instructions.

1 - Open up lib/comment.class.php.

2 - Locateand delete it.

3 - Save and close the file and thats it.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]04/02/2005 18:34:17
    Subject:
[Up]
Nunzio
Newbie

Joined: 04/02/2005 11:33:51
Messages: 2
Offline
Carbonize...

Thanks very much. Works a treat!
I commented out ( // ) those lines instead of actually deleting them so that in future if I feel like it I can always un-comment them again.

And yes... I'm the only one permitted to add a Comment, and yes... HTML is disabled for all guests signing the guestbook, so there should be no security risks.

Again, thank you Carb.
Take care,
Nunzio
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum