Project

General

Profile

Bug #586

does not show the styles css in post view

Added by Carlos Vargas almost 10 years ago. Updated over 8 years ago.

Status:
Feature implemented
Priority:
Normal
Category:
-
Target version:
-
Start date:
08/02/2010
Due date:
% Done:

100%

Estimated time:
Spent time:
Complexity:
Normal
SCRUM pts - complexity:
?

Description

In forums, the post view does not show the styles css

Despues de escribir un post, o responder/citar un mensaje, en las vistas sea Plana Arborescente Jerarquizado no se leen los estilos css o html
es decir, si le pongo negrita, subrayado, viƱetas etc, en el campo se guarda todo y el html lo mantiene, pero en las vistas mencionada muestra un texto plano sin estilos

History

#1

Updated by Hubert Borderiou almost 10 years ago

Hi,
I was working on that issue while testing adding media files on forum...

I've found 2 issues

  • information concerning style or media aren't stored in the database (except for images):
    it's in file main/forum/reply.php, line 228 if you replace
    store_reply(Security::remove_XSS($values));
    

    with
    store_reply($values);
    

    but I don't know the consequences concerning security...
  • tag aren't displayed on the post view
    it's still a consequence of the Security::remove_XSS on files main/forum/viewthread_flat.inc.php
    it's ok if you delete line 138 :
    $row['post_text']= Security::remove_XSS($row['post_text']);
    

delete line 133 for file main/forum/viewthread_nested.inc.php
and
delete line 311 and remove Security::remove_XSS line 314 for file main/forum|viewthread_threaded.inc.php

I don't know whet kind of security add to these fields before displaying it...

#2

Updated by Julio Montoya almost 10 years ago

  • Assignee changed from Carlos Vargas to Julio Montoya

i get this one

#3

Updated by Julio Montoya almost 10 years ago

Hello Hubert,
You are right, is not necesary this store_reply(Security::remove_XSS($values));
We use only Security::remove_XSS() when showing links, info to the user to avoid XSS. We should not use remove_XSS when we are going to add to the DB.
We should only use the Database::escape_string() function
I will make some cleaning in that file

#4

Updated by Julio Montoya almost 10 years ago

  • Status changed from Assigned to Needs testing
  • Assignee changed from Julio Montoya to Carlos Vargas
  • % Done changed from 0 to 90

I made many changes Carlos can you please test this?

#5

Updated by Bryan Fuertes Malca over 8 years ago

  • Assignee changed from Carlos Vargas to Bryan Fuertes Malca
#6

Updated by Bryan Fuertes Malca over 8 years ago

  • Status changed from Needs testing to Feature implemented
  • % Done changed from 90 to 100

Tome la tarea julio, he probado los estilos de los mensajes de los post en los foros en sus distintas vistas y conserva los estilos que se le han asignado.

Also available in: Atom PDF