WYSIWYG editor also in Add FAQ page for non logged users
Moderator: Thorsten
WYSIWYG editor also in Add FAQ page for non logged users
Is there a way to enable WYSIWYG editor also for non logged users in the Add Faq page?
FAQ posted by users are just plain text, without nothing and an admin must do all the job to transform it in a decent way with link, paragraph and all other things.
FAQ posted by users are just plain text, without nothing and an admin must do all the job to transform it in a decent way with link, paragraph and all other things.
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
you could add the WYSIWYG editor but do you think about security issues letting everyone posting HTML content to your FAQ?
bye
Thorsten
you could add the WYSIWYG editor but do you think about security issues letting everyone posting HTML content to your FAQ?
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
I enabled TinyMCE, but the html tags are removed when I submit a new FAQ as non logged user.
How can I mantain the html code and also only permit certain code (example only allowed code are br, b, u, ul, li, img and so on)?
Thanks
How can I mantain the html code and also only permit certain code (example only allowed code are br, b, u, ul, li, img and so on)?
Thanks
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
you have to change some code in save.php.
You have to change the line
http://github.com/thorsten/phpMyFAQ/blo ... ve.php#L41
to
bye
Thorsten
you have to change some code in save.php.
You have to change the line
http://github.com/thorsten/phpMyFAQ/blo ... ve.php#L41
to
Code: Select all
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_STRING);
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
I have modifyed it but nothing changed, the text is saved without any html tag.
And also now, even if I have checked the Active button of a new faq, it doesn't appear on the site, I must modify that faq and click on save to see it in the public website.
The site is 1e2.it/faq
And also now, even if I have checked the Active button of a new faq, it doesn't appear on the site, I must modify that faq and click on save to see it in the public website.
The site is 1e2.it/faq
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
okay, just take a look into admin/record.add.php for which filter you will need.
bye
Thorsten
okay, just take a look into admin/record.add.php for which filter you will need.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
I tried several times, but I'm not able to find the right way to modify record.add.php. Can you help me, please?
Anyway, a suggestion for future release can be a filter that enable only certain html tags like b, ul, li, s... just like in a forum.
I tried several times, but I'm not able to find the right way to modify record.add.php. Can you help me, please?
Anyway, a suggestion for future release can be a filter that enable only certain html tags like b, ul, li, s... just like in a forum.
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
it's this line of code:
I think about a save solution for enabling HTML support.
bye
Thorsten
it's this line of code:
Code: Select all
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_SPECIAL_CHARS);
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
I have already tried to comment out that line or to use FILTER_VALIDATE_INT or other type of filter but no success.
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
FILTER_VALIDATE_INT cannot work because it checks for integer values. The code above works.
bye
Thorsten
FILTER_VALIDATE_INT cannot work because it checks for integer values. The code above works.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
The code above is the original code, so it doesn't work.
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
if you comment that code out, it cannot work. You have to use FILTER_SANITIZE_SPECIAL_CHARS instead of the current FILTER_SANITIZE_STRING, otherwise all HTML will be removed.
bye
Thorsten
if you comment that code out, it cannot work. You have to use FILTER_SANITIZE_SPECIAL_CHARS instead of the current FILTER_SANITIZE_STRING, otherwise all HTML will be removed.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
Ok, so I have only to modify save.php and use instead of line 41
and the admin/record.add.php should remain the same, so the line 50 is
In this way it works perfectly. Thank you.
Code: Select all
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_SPECIAL_CHARS);
Code: Select all
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_SPECIAL_CHARS);
Re: WYSIWYG editor also in Add FAQ page for non logged users
Hi,
good.
bye
Thorsten
good.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: WYSIWYG editor also in Add FAQ page for non logged users
To secure the wysiwyg editor from html attacks there are valid method:
http://framework.zend.com/manual/en/zen ... input.html
http://htmlpurifier.org/
and the one I'm going to implement HTMLawed: http://www.bioinformatics.org/phplabwar ... /htmLawed/
http://framework.zend.com/manual/en/zen ... input.html
http://htmlpurifier.org/
and the one I'm going to implement HTMLawed: http://www.bioinformatics.org/phplabwar ... /htmLawed/