| Author |
 Topic  |
|
dayve
Forum Moderator
USA
5820 Posts |
 Posted - 27 May 2001 : 01:23:04
|
Before I tackle this myself, is there any mod/feature out there that will allow Admins and Moderators the use of HTML without having to turn on HTML? I have a use for HTML but do not want to grant this feature to members. TIA...
Dayve |
|
|
gor
Retired Admin
Netherlands
5511 Posts |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 May 2001 : 12:17:51
|
well, I should be able to add code similar to if mlev = 1 with code for Allow HTML, I think this should be easily done and should be standard for Admins to be able to use HTML. I will poke around the code. I am sure it is in the inc_functions.asp somewhere...
Dayve |
 |
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 27 May 2001 : 15:19:02
|
You could try changing this code:
elseif fField_Type = "message" then
if strAllowHTML <> "1" then
fString = HTMLEncode(fString)
end if
in inc_functions.asp to
elseif fField_Type = "message" then
if (strAllowHTML <> "1" and mLev <> 4) then
fString = HTMLEncode(fString)
end if
But since I didn't test it, I don't know it it will work.
Admin user -> mLev = 4
Pierre
Join the Snitz WebRing |
|
|
|
Aznknight
Senior Member
USA
1373 Posts |
Posted - 27 May 2001 : 15:56:21
|
hmm interesting concept, i'm gonna try it out 
- Alan
www.iamviet.com
www.calvsa.net
Snitz Resource |
|
|
|
Deleted
deleted
4116 Posts |
Posted - 27 May 2001 : 16:35:38
|
This is something which mustis very desirable to be hardcoded (and documented) in the next version. Give better rights to admins !
Bulent Ozden
Edited by - bozden on 27 May 2001 18:39:20 |
|
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 27 May 2001 : 17:03:02
|
quote:
This is something which must be hardcoded (and documented) in the next version. Give better rights to admins !
Not everyone has the same needs or wishes, that is why we have so many MODS and that is why everyone can modify the code to their needs.
Enabling HTML for anyone (even admin-users) can pose a potential security risk so if it was to be included it would have to be optional, but then there probably also would be someone that would want specific moderators in specific forums to be able to post HTML...combined with this not being high on the priority list for now...means that this won't be in the next version.
Pierre
Join the Snitz WebRing |
|
|
|
Deleted
deleted
4116 Posts |
Posted - 27 May 2001 : 18:36:36
|
Well, I mean the version after v3.5: For sure after the Internationalization.
Gor, I have some questions regarding this:
1) If the HTML feature causes security risc, whay is it there? At least why is it so easily selectable by "novice" admins?
2) If someone has mLev=4, then he/she can also change everything, even disable forum usage (provided he/she knows the admin username/pass).
3) If the risc is caused by keeping cookies on computers, why not ask the user the admin username&password just after posting (well this needs a bit more coding)...
Offcourse everybody does not have the same needs, these security related things must be examined in more detail etc.etc.
I think this will be good, because more and more users plug the forum into their websites from the main page, and use it as a content management system.
So, what I will do is, to replace the bold "must" with a bold "is very desirable to" in my previous post .
Bulent Ozden |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 May 2001 : 19:24:31
|
quote:
You could try changing this code:
elseif fField_Type = "message" then
if strAllowHTML <> "1" then
fString = HTMLEncode(fString)
end if
in inc_functions.asp to
elseif fField_Type = "message" then
if (strAllowHTML <> "1" and mLev <> 4) then
fString = HTMLEncode(fString)
end if
But since I didn't test it, I don't know it it will work.
Admin user -> mLev = 4
Pierre
Join the Snitz WebRing
that's what I plan on doing and I goofed with the 1, that would have driven me nuts troubleshooting if I used the number 1 though huh.. I agree that this should be hard coded for admins, just my two sense....
Dayve |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 May 2001 : 19:57:00
|
yeah, it works as advertised, I also edited the post.asp file
<% if (strAllowHTML = "1" or mLev = 4) then %>
* HTML is ON<br>
<% else %>
* HTML is OFF<br>
<% end if %>
Dayve |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 May 2001 : 20:09:35
|
when I try to edit HTML posts I get something similar to this:
[img]http://www.nineinchnailz.com/images/ninzlogo.gif">
guess I need to find the translation part on this.
Dayve |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 May 2001 : 20:17:14
|
all done, everything works...
needed to change this too in inc_functions.asp:
if (strIMGInPosts = "1" and strAllowHTML = "1") then
fString = replace(fString, "<img src=""","[ img]", 1, -1, 1)
fString = replace(fString, "<img align=right src=""","[ img=right]", 1, -1, 1)
fString = replace(fString, "<img align=left src=""","[ img=left]", 1, -1, 1)
fString = replace(fString, """ border=0>","[/img]", 1, -1, 1)
fString = replace(fString, """ id=right border=0>","[/img=right]", 1, -1, 1)
fString = replace(fString, """ id=left border=0>","[/img=left]", 1, -1, 1)
end if
and
if (strIMGInPosts = "1" and strAllowHTML = "1") then
fString = doCode(fString, "[ img]","[/img]","<img src=""",""" border=0>")
fString = doCode(fString, "[ img]","[/img]","<img src=""",""" border=0>")
fString = doCode(fString, "[ img=right]","[/img=right]","<img align=right src=""",""" id=right border=0>")
fString = doCode(fString, "[ img=right]","[/img=right]","<img align=right src=""",""" id=right border=0>")
fString = doCode(fString, "[ img=left]","[/img=left]","<img align=left src=""",""" id=left border=0>")
fString = doCode(fString, "[ img=left]","[/img=left]","<img align=left src=""",""" id=left border=0>")
end if
otherwise when you edit a topic that has html and images it would be all out of whack...
EZ Mod...
side note >> had to put spaces in the above code for IMG otherwise it tried to load an image
Edited by - dayve on 28 May 2001 02:16:28 |
|
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 28 May 2001 : 01:08:12
|
Dayve,
Thanks for sharing your code. I'll move this to the MODS forum....
Pierre
Join the Snitz WebRing |
|
|
|
pure-rock
Starting Member
10 Posts |
Posted - 28 May 2001 : 01:23:47
|
I need to do this aswell!
could someone plz explain in more detail for me what files and where need to be changed
thankyou!!
|
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 28 May 2001 : 02:15:29
|
quote:
Well, I mean the version after v3.5: For sure after the Internationalization.
Gor, I have some questions regarding this:
1) If the HTML feature causes security risc, whay is it there? At least why is it so easily selectable by "novice" admins?
2) If someone has mLev=4, then he/she can also change everything, even disable forum usage (provided he/she knows the admin username/pass).
3) If the risc is caused by keeping cookies on computers, why not ask the user the admin username&password just after posting (well this needs a bit more coding)...
Offcourse everybody does not have the same needs, these security related things must be examined in more detail etc.etc.
I think this will be good, because more and more users plug the forum into their websites from the main page, and use it as a content management system.
So, what I will do is, to replace the bold "must" with a bold "is very desirable to" in my previous post .
Bulent Ozden
the only real potential for problems is the use of client side javascript or vbscript (IE) which I am considering creating filters for regardless. vbscript can be interpreted by Windows Scripting and then you can have some malicious people out there doing some heavy duty damage!! Pure HTML I don't see as being an issue except when used improperly could prevent the viewing of a page (eg, someone creates a table and does not close it properly, Netscape would show nothing on the page!!) As an Admin though I really think that they should be at a level to understand this and would take every precaution possible to prevent screwing up the forum.
gor: cool deal adding this to the Mod section
pure-rock: everything you need to know is in this section. read the previous posts and modify the inc_functions.asp and post.asp as noted above. It's not a major mod, simple line for line edits.
Dayve |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 28 May 2001 : 02:21:52
|
inc_functions.asp
>> find every instance of this..
elseif fField_Type = "message" then if strAllowHTML <> "1" then fString = HTMLEncode(fString) end if
and replace with this..
elseif fField_Type = "message" then if (strAllowHTML <> "1" and mLev <> 4) then fString = HTMLEncode(fString) end if
find and replace these lines too:
if (strIMGInPosts = "1" and strAllowHTML = "1") then
fString = replace(fString, "<img src=""","[ img]", 1, -1, 1)
fString = replace(fString, "<img align=right src=""","[ img=right]", 1, -1, 1)
fString = replace(fString, "<img align=left src=""","[ img=left]", 1, -1, 1)
fString = replace(fString, """ border=0>","[/img]", 1, -1, 1)
fString = replace(fString, """ id=right border=0>","[/img=right]", 1, -1, 1)
fString = replace(fString, """ id=left border=0>","[/img=left]", 1, -1, 1)
end if
and
if (strIMGInPosts = "1" and strAllowHTML = "1") then
fString = doCode(fString, "[ img]","[/img]","<img src=""",""" border=0>")
fString = doCode(fString, "[ img]","[/img]","<img src=""",""" border=0>")
fString = doCode(fString, "[ img=right]","[/img=right]","<img align=right src=""",""" id=right border=0>")
fString = doCode(fString, "[ img=right]","[/img=right]","<img align=right src=""",""" id=right border=0>")
fString = doCode(fString, "[ img=left]","[/img=left]","<img align=left src=""",""" id=left border=0>")
fString = doCode(fString, "[ img=left]","[/img=left]","<img align=left src=""",""" id=left border=0>")
end if
post.asp
>> find and replace these lines
<% if (strAllowHTML = "1" or mLev = 4) then %>
* HTML is ON<br>
<% else %>
* HTML is OFF<br>
<% end if %>
sorry my documentation is lacking, bad habit of mine for a long time...
Dayve |
|
|
|
Topic |
|
|
|
Topic Locked
