no pictures shown img tag filtering

  • Hi, I have enabled:
    img allowed in security center


    Code

    <img src="http://gdri.ge/site/images/news_picupload/pic_sid2-0-thumb2.jpg" alt="Angry" align="top" width="32" height="32"/>


    is displayed as text
    img src="http://gdri.ge/site/images/news_picupload/pic_sid2-0-thumb2.jpg" alt="Angry" align="top" width="32" height="32"

    when I have

    Code

    <img> tags
    <img> src="http://gdri.ge/site/images/news_picupload/pic_sid2-0-thumb2.jpg" alt="Angry" align="top" width="32" height="32"</img>
    tag is stripped out and
    only
    src="http://gdri.ge/site/images/news_picupload/pic_sid2-0-thumb2.jpg" alt="Angry" align="top" width="32" height="32" left as a text

    I don't use scribite.
    I used "text formatted with mark-up language"...

    Zikula 1.2.8: News and Pages modules

    PHP 'magic_quotes_gpc' setting is ON, but should be OFF. Can this cause the above-mentioned problem?



    Edited by shoshia on Dec 01, 2011 - 05:04 AM.
  • Interestingly, in the "Preview" of the News module I see images, but the tags are stripped when I push submit/update.

    Actually, the same problem with

    Code

    <a></a>
    tags also

    Code

    <a href="http://www.w3schools.com">Visit W3Schools.com!</a>

    shows

    href="http://www.w3schools.com">Visit W3Schools.com!



    Edited by shoshia on Dec 01, 2011 - 05:25 AM.
  • Problem stays... but I found a strange thing...

    this code

    Code

    <img title="bikerpeep" alt="bikerpeep" src="/128/modules/scribite/pnincludes/xinha/plugins/ExtendedFileManager/demo_images/bikerpeep.jpg" height="113" width="150" />

    is stored in the database exactly as it is...
    The image is shown in scribite (as I mentioned in the previous post, the problem is not scribite related)
    The image is shown in preview (News module feature)
    but instead of the image I see just the code when I render the article.

    When I checked the generated source in the browser source viewer I see

    Code

    <div id="news_body" class="news_body">
            <div class="news_hometext">
            a &lt img title=dblquote (I misspelled on purpose here) bikerpeep" alt="bikerpeep" src="/128/modules/scribite/pnincludes/xinha/plugins/ExtendedFileManager/demo_images/bikerpeep.jpg" height="113" width="150" /> <img style="width: 185px; height: 141px;" src="/128/themes/gdri/images/logo.png" class="logo" alt="ggg" />

        </div>


    It seems the lt and quot characters are translated as simple text and not as tag directives... why?

    It does not matter whether I enable "Translate embedded HTML entities into real characters" or not, and it does not matter whether I set the HTML output filter or the internal filter.


    OK, found it.
    This happens in the datautil class format for displayHTML function

    here:

    Code

    // Encode email addresses
    $var = preg_replace($search, $replace, $var);

    // Fix html entities: escape every special character in the text
    $var = htmlspecialchars($var);

    // Fix the HTML that we want: restore the tags that were marked between \022 and \024
    $var = preg_replace_callback('/\022([^\024]*)\024/', 'DataUtil_pnVarPrepHTMLDisplay__callback', $var);

    // Fix entities if required
    if (pnConfigGetVar('htmlentities')) {
        $var = preg_replace('/&amp;([a-z#0-9]+);/i', "&\\1;", $var);
    }


    Why is it needed to convert with htmlspecialchars and then convert some stuff back?



    Edited by shoshia on Dec 04, 2011 - 04:35 AM.
  • But are IMG and A allowed with parameters?
    Allowed is not enough. The HTML settings have:
    Not allowed, Allowed, Allowed with parameters.

    Be sure you have your tags in the last option.

    --
    - Mateo T. -
    Mis principios... son mis fines
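
Added example, not part of the thread and not Zikula's own code: a minimal PHP sketch of the escape-then-restore approach visible in the snippet posted above. It shows why a tag set to "Allowed" still prints as text once it carries attributes, while "Allowed with parameters" lets it render. All function and constant names are hypothetical.

```php
<?php
// Added illustration, not Zikula's DataUtil code. The three levels mirror
// the HTML settings named in the thread; all names here are hypothetical.
const NOT_ALLOWED = 0;
const ALLOWED = 1;             // bare tag only, e.g. <img> or </a>
const ALLOWED_WITH_PARAMS = 2; // tag may carry attributes
const OPEN = "\022";           // sentinel standing in for '<'
const CLOSE = "\024";          // sentinel standing in for '>'

function displayHtml(string $var, array $levels): string
{
    // Remove sentinel bytes from the input so a poster cannot supply them
    // directly and have arbitrary markup restored in step 3.
    $var = str_replace([OPEN, CLOSE], '', $var);

    // 1. Swap the angle brackets of permitted tags for sentinels.
    foreach ($levels as $tag => $level) {
        if ($level === NOT_ALLOWED) {
            continue;
        }
        $attrs = $level === ALLOWED_WITH_PARAMS ? '(?:\s[^<>]*)?' : '\s*';
        $pattern = '/<(\/?' . preg_quote($tag, '/') . $attrs . '\/?)>/i';
        $var = preg_replace($pattern, OPEN . '$1' . CLOSE, $var);
    }

    // 2. Escape everything that is left, so unlisted markup shows as text.
    $var = htmlspecialchars($var, ENT_QUOTES, 'UTF-8');

    // 3. Turn the marked tags back into real HTML.
    return preg_replace_callback('/\022([^\024]*)\024/', function ($m) {
        return '<' . htmlspecialchars_decode($m[1], ENT_QUOTES) . '>';
    }, $var);
}

// Constructed input based on the markup posted in the thread.
$post = '<a href="http://www.w3schools.com">Visit W3Schools.com!</a>'
      . '<iframe src="http://example.invalid/video"></iframe>';

foreach ([NOT_ALLOWED, ALLOWED, ALLOWED_WITH_PARAMS] as $level) {
    echo $level, ': ', displayHtml($post, ['a' => $level, 'iframe' => NOT_ALLOWED]), "\n";
}
```

This sketch passes attributes through unchecked once a tag is allowed with parameters, so it illustrates the effect of the setting only and is not a sanitizer.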
  • Quote

    Be sure you have your tags in the last option.

    Yes, you are right... the "with parameters" option worked for images...
    but not for iframe (when embedding videos) when the HTML filter is on.
    When I switched to the internal filter it worked.
  • IFRAME and OBJECT are tags blocked by safeHTML always.

    If you want to use them, go to the Security Settings and use the internal output filter, which uses exactly your HTML settings, instead of the safeHTML output filter ;)

    --
    - Mateo T. -
    Mis principios... son mis fines
  • Thank you so much for your post.

