> Is there a page or template I could look at? I've fixed issues before for phpNuke and I personally find Tiki to be much more complete both in breadth and depth of features so I'd love to put my 2 cents in to the project. If I can help out with this issue, I'd love to take a hack at it. I know php enough to figure stuff out and if you can point me in the right direction I'll see what I can do.
Ok, you'll need the tiki-setup.php file and look for the make_clean function, you'll see the embed and object in the regexp there. It was added for 1.8.2 so its not going to be an easy job of just removing it and commiting to CVS
For a perfect solution we would need some kind of hidden key passed from the banner form to let the code through without it being removed. just a post value isnt good enough as i could easily forge that on a custom it would need some kind of database table lookup as described on methods to prevent XSS and seasurfing, link below.
If you get lost in this, shout for me and we can battle it out on this thread