Page 1 of 1
[BUG] [J2.5.6] Tag-filtering in file descriptions
Posted: 28 Jun 2012, 15:27
by sgofferj
PD filters tags from file descriptions...
I wanted to put a Paypal donation button into file description and on ANY save, the action parameter from the form tag was stripped.
This must be a Phoca Download issue, because when I put the same code to an article or a Custom HTML module, the action parameter is not stripped and everything works fine.
Tested with JCE, MCE, Codewarrior and "no editor".
Re: [BUG] [J2.5.6] Tag-filtering in file descriptions
Posted: 29 Jun 2012, 16:03
by Jan
Hi, this is becasue of security reasons, because the description can be displayed in javascript, etc. etc.
For changing it, you should remove the protection in XML file:
administrator\components\com_phocadownload\models\forms\phocadownloadfile.xml
Code: Select all
<field name="description" type="editor" buttons="true" hide="pagebreak,readmore" class="inputbox" label="COM_PHOCADOWNLOAD_FIELD_DESCRIPTION_LABEL" filter="safehtml" description="COM_PHOCADOWNLOAD_FIELD_DESCRIPTION_DESC" />
Remove: filter="safehtml" or set own.
Jan
Re: [BUG] [J2.5.6] Tag-filtering in file descriptions
Posted: 04 Jul 2012, 15:12
by sgofferj
Thanks!
Is there a specific reason why you put an additional filter there - in addition to the central filter/blacklist/whitelist settings?
Re: [BUG] [J2.5.6] Tag-filtering in file descriptions
Posted: 07 Jul 2012, 13:19
by Jan
Not sure which other central filter/blacklist/whitelist you mean?
Re: [BUG] [J2.5.6] Tag-filtering in file descriptions
Posted: 09 Jul 2012, 12:58
by sgofferj
Site -> Global Configuration -> Text filters
. Not sure, when it was introduced, I think, J!1.7
Re: [BUG] [J2.5.6] Tag-filtering in file descriptions
Posted: 12 Jul 2012, 17:50
by Jan
I see now:
filter="JComponentHelper::filterText"
I will take a look at it for next release - to decide if the safehtml should stay or this should be managed by global configuration rights.
Thank you, Jan