Bug #586
does not show the styles css in post view
Description
In forums, the post view does not show the styles css
Despues de escribir un post, o responder/citar un mensaje, en las vistas sea Plana Arborescente Jerarquizado no se leen los estilos css o html
es decir, si le pongo negrita, subrayado, viƱetas etc, en el campo se guarda todo y el html lo mantiene, pero en las vistas mencionada muestra un texto plano sin estilos
History
Updated by Hubert Borderiou about 11 years ago
Updated by Hi,
I was working on that issue while testing adding media files on forum...
I've found 2 issues
- information concerning style or media aren't stored in the database (except for images):
it's in file main/forum/reply.php, line 228 if you replacestore_reply(Security::remove_XSS($values));
withstore_reply($values);
but I don't know the consequences concerning security...
- tag aren't displayed on the post view
it's still a consequence of the Security::remove_XSS on files main/forum/viewthread_flat.inc.php
it's ok if you delete line 138 :$row['post_text']= Security::remove_XSS($row['post_text']);
delete line 133 for file main/forum/viewthread_nested.inc.php
and
delete line 311 and remove Security::remove_XSS line 314 for file main/forum|viewthread_threaded.inc.php
I don't know whet kind of security add to these fields before displaying it...
Updated by Julio Montoya about 11 years ago
Updated by - Assignee changed from Carlos Vargas to Julio Montoya
i get this one
Updated by Julio Montoya about 11 years ago
Hello Hubert,
You are right, is not necesary this store_reply(Security::remove_XSS($values));
We use only Security::remove_XSS() when showing links, info to the user to avoid XSS. We should not use remove_XSS when we are going to add to the DB.
We should only use the Database::escape_string() function
I will make some cleaning in that file
Updated by Julio Montoya about 11 years ago
- Status changed from Assigned to Needs testing
- Assignee changed from Julio Montoya to Carlos Vargas
- % Done changed from 0 to 90
I made many changes Carlos can you please test this?
Updated by Bryan Fuertes Malca over 9 years ago
Updated by Bryan Fuertes Malca - Assignee changed from Carlos Vargas to Bryan Fuertes Malca
Updated by Bryan Fuertes Malca over 9 years ago
- Status changed from Needs testing to Feature implemented
- % Done changed from 90 to 100
Tome la tarea julio, he probado los estilos de los mensajes de los post en los foros en sus distintas vistas y conserva los estilos que se le han asignado.