Re: Re: Saving a new banner generates SQL Error

United Kingdom

> alan8373:
> Damian,
>
> Is there a page or template I could look at? I've fixed issues before for phpNuke and I personally find Tiki to be much more complete both in breadth and depth of features so I'd love to put my 2 cents in to the project. If I can help out with this issue, I'd love to take a hack at it. I know php enough to figure stuff out and if you can point me in the right direction I'll see what I can do.
>
> Thanks,
> Alan
>

Ok, you'll need the tiki-setup.php file and look for the make_clean function, you'll see the embed and object in the regexp there. It was added for 1.8.2 so it's not going to be an easy job of just removing it and committing to CVS ;)

For a perfect solution we would need some kind of hidden key passed from the banner form to let the code through without it being removed. Just a post value isn't good enough as I could easily forge that on a custom it would need some kind of database table lookup as described on methods to prevent XSS and seasurfing, link below.

If you get lost in this, shout for me and we can battle it out on this thread :)

Damian
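
The hidden-key idea from the post above, as an added example that is not part of the original thread and not Tiki's code: a one-time token is issued with the banner form, looked up in a database table on submit, and only a match lets the embed/object markup past the filter. The table, the function names and the stand-in filter are hypothetical, and an in-memory SQLite database replaces the site database.

```php
<?php
// Added example, not Tiki code. Table and function names are hypothetical.
// An in-memory SQLite table stands in for the site database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_tokens (
    token_hash TEXT PRIMARY KEY, user TEXT, form TEXT, expires INTEGER)');

// Called when rendering the banner form: returns the value for a hidden field.
function issue_form_token(PDO $db, string $user, string $form, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO form_tokens VALUES (?, ?, ?, ?)');
    // Store only a hash so a leaked table does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), $user, $form, time() + $ttl]);
    return $token;
}

// Called on POST: true only for an unexpired token issued to this user and form.
// The row is deleted in the same statement, so each token works once.
function consume_form_token(PDO $db, string $user, string $form, string $token): bool
{
    $stmt = $db->prepare('DELETE FROM form_tokens
        WHERE token_hash = ? AND user = ? AND form = ? AND expires >= ?');
    $stmt->execute([hash('sha256', $token), $user, $form, time()]);
    return $stmt->rowCount() === 1;
}

// Stand-in for the global input filter: strips <embed>/<object> tags
// unless the request was verified against the token table.
function filter_input_html(string $html, bool $verified): string
{
    return $verified ? $html : preg_replace('#</?(embed|object)\b[^>]*>#i', '', $html);
}

// Constructed sample submission.
$banner = '<object data="banner.swf"></object>';
$token  = issue_form_token($db, 'admin', 'edit_banner');

// Case 1: first use of a token that was issued to this user and form.
var_dump(filter_input_html($banner, consume_form_token($db, 'admin', 'edit_banner', $token)));
// Case 2: the same token replayed after it was consumed.
var_dump(filter_input_html($banner, consume_form_token($db, 'admin', 'edit_banner', $token)));
// Case 3: a forged POST value that was never written to the table.
var_dump(filter_input_html($banner, consume_form_token($db, 'admin', 'edit_banner', str_repeat('0', 64))));
```

The token check only proves the request came from a form the server rendered for that user; whether the user may edit banners at all is a separate permission check.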
