I uploaded the patch for 7.9 today, and since then Images in stories are gone. Also the topic image is not displaying either. I've edited my config.php to have
$AllowableHTML = array("b"=>1,"img"=>2,
In it (I cut off the rest for this post because its pretty long). I've searched around on these forums a bit, and found that I may need to modify the mainfile.php in order to get this to work.. is that correct?
If it is, which lines in the mainfile.php should I be looking to edit or remove? I'm not too worried about there being a problem with submissions because only a couple people will be able to submit news on my site.
Thanks again for all the help. I'm hoping the patched 7.9 fixes some of the other problems I've had with mods & phpnuke
Edit: Just read on http://nukecops.com/PHP-Nuke_allow-special-html-tags.html what I may need to modify. Made sure again that "img"=>2 was in the AllowableHTML section & commented out the 2 sections in the check_html section of mainfile.php Same problem though. I can edit the story, update it with the correct link, and in the editor window it displays the picture. When I click on "Save Changes" it seems to save successfully (any other text changes I make seem to save), but the pictures are missing (I did get the topic image back though). If I go back into the story to edit it, where I had <img src=http://mysite.com/images/picture.jpg> is now <img border="0" /> with no picture actually specified.
I must be missing something in the mainfile.php I'm guessing..Hm....will keep digging through it (and backing it up after each change). Any tips or advice on this would be greatly appreciated. Thanks!
DR
XenoMorpH Lieutenant
Joined: Aug 24, 2003
Posts: 187
Location: Coevorden, Netherlands
Posted:
Sat Jan 21, 2006 1:41 pm
I am having the same problem. Added the img to the list also...even added the img tag in the database through phpmyadmin.
Only a red cross is showing...and not even an img path....
Yeah, it seems to be stripping the entire img src= for some reason. I definitely have the "img"=>2 in the AllowableHTML section. Also have tried the other suggestions I've found on the forums (the changes in the mainfile.php listed at the link in my initial post). I just can't figure out what it is I'm doing wrong or missing... Are there any other sections in the mainfile.php or config.php which I should edit or add to allow images to be posted in stories?
It has to be something with the 7.9 patch files..because it was working perfectly fine before that (but most likely pretty insecure I'm guessing). I'd be willing to give up a little security though for the ability for the people submitting stories to post images There are only a couple people who can post stories on my site, and they are all trustworthy, so I'm not too worried about them putting something malicious in there..
DR
MstSage Nuke Cadet
Joined: Nov 24, 2005
Posts: 9
Posted:
Sun Jan 22, 2006 5:24 am
Is there any ways to downgrade, because my themes don't work right now, ( i liked my right side stuff but only two themes work!
_________________
Xyberian Colonel
Joined: Mar 14, 2004
Posts: 1938
Location: Behind you
Posted:
Sun Jan 22, 2006 9:00 am
You don't have to downgrade as long as theme is trouble.
Simply change index = 1 to define(INDEX_FILE) directive.
Yes, the patch is what seemed to cause the problem. Since I used the 7.9 patch downloaded from www.nukeresources.com the Stories have not displayed any images. I do have the "img"=>2 in the AllowableHTML section. I have also tried the suggestions listed at http://nukecops.com/PHP-Nuke_allow-special-html-tags.html None of this has helped.
When go to modify a story, and try to add a <img src=http://www.mysite.com/images/whatever.jpg> I click Update, and it displays the picture in the little editor window, but when I save the changes, it still doesn't display the images. When I go back into the editor, it has stripped out the <img src=http://www.mysite.com/images/whatever.jpg> and replaced it with just <img border="0" />
This was all working fine before I used the patch for PHPNuke 7.9. Below is a copy of my config.php file (with some stuff edited out of course).
Code:
<?php
if (stristr(htmlentities($_SERVER['PHP_SELF']), "config.php")) {
Header("Location: index.php");
die();
}
I can't see anything that I've done wrong in this For the AllowableHTML section its all on one line, but that really screwed up the formatting in this post, so I put each on its on line. Would it help to post the contents of my mainfile.php? Or would it help to only post certain sections? I'd really like to get pictures working again after the patch like they were working before I used the patch. Any ideas?
DR
DRob Nuke Cadet
Joined: Jan 13, 2006
Posts: 7
Posted:
Mon Jan 23, 2006 3:33 am
Hm..I may have figured out what I did wrong Xeno - Try this. Besides the section for
$AllowableHTML = array(
"img"=>2,
in your config.php file, in the main.php file look under the check_html function. In that section look for:
I had commented out the first two sections that begin with $str, but hadn't commented out the 3rd. After adding // to the 3rd section to comment it out, all of a sudden my images started working. Hope this helps you And thanks again Evaders99 for trying to help me out I'm such a clueless newbie when it comes to this stuff. I'm trying to learn though! The forums on php-downloads.com, here, and nukeresources.com have been a lot of help
It did thanks , I also went back to PHP-Nuke 7.7 and it did it when I patched 3.1
to bad though I cant really do much since my Motherboard is fried, though I am getting a New one next week
_________________
mtalley887 Sergeant
Joined: Dec 01, 2003
Posts: 149
Posted:
Sat Jan 28, 2006 4:58 pm
Drob's asessment on themes is correct and is a missing note that should have been placed in the readme file that came with phpnuke 7.9 to get the right blocks to display. The change is in theme.php file under themefooter function.
Since I work with the installation of the Spaw Editor I sometimes see problems that others don't. As an example while working with the 'message.php' file under admin/modules to display images you must place in the 'config.php' file under $AllowableHTML the "img"=>2 tag to see images. However, with popup images which the Spaw Editor uses there is the problem during save that 'check_html' which is called from the function 'filter' in 'mainfile' strips the coding needed to produce the popup images.
If you look at check_html function and look at the first part of it which looks like this:
Code:
function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. */
include("config.php");
if ($strip == "nohtml")
global $AllowableHTML;
if (!is_array($AllowableHTML)) $AllowableHTML =array('');
$str = stripslashes($str);
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
// Delete all spaces from html tags .
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\"
>]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str);
// Delete all attribs from Anchor, except an href, double quoted.
$str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str);
// Delete all img tags
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
// Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
$i = strpos($str,$reg[0]);
The coding if you follow it doesn't look right where it starts with ' if ($strip == "nohtml")'. This is stating that if a command string states 'nohtml' such as in this command line '$title = filter($title, "nohtml");' then the result would be to remove the HTML. But, if the command statement is '$title = filter($title, "");' then the statement ' if ($strip == "nohtml")' is false and shouldn't remove the HTML. But it looks to me that if the statement is false only the global $AllowableHTML will not be loaded because the "If statement" is going to be completed at the end of "global $AllowableHTML; " and after that it will continue on to remove the html when you don't want it to. It seems to me that we need to encase the first "If" condition by placing in the curly brackets "{ }" by rewriting the first line like this:
Code:
if ($strip == "nohtml") {
and then closing it off after this line:
Code:
$tmp = "";
}
This way if $strip == 'nohtml' then it will remove the html except for what is listed in the $AllowableHTML array. if $strip == "" then it will skip stripping html and go on. In my testing it, set up this way, then the popup script that is placed in messages and stories and so on do not get stripped out and everything seems to work fine. Does this seem reasonable?
The other change I made was with the calling of FixQuotes. First I went to the function filter and on the line where it shows this:
Code:
$what = stripslashes(FixQuotes($what));
I changed it to this:
Code:
$what = stripslashes(FixQuotes($what,$strip));
then I moved to the function FixQuotes and changed this:
Code:
function FixQuotes ($what = "")
to this:
Code:
function FixQuotes ($what = "",$strip="")
and then added this to the function:
Code:
if ($strip == "nohtml"){
$what = str_replace("'","''",$what);
}
this way it doesn't stop the functionality of it if the 'nohtml' is used.
The other thing that I've noticed is with the topic images not showing is different from what chatserv had stated in this forum http://www.nukefixes.com/ftopic-1779-days0-orderasc-45.html#8350 he stated that in 7.9 mainfile that the script for get topics looked like this:
Code:
function getTopics($s_sid) {
global $topicid, $topicname, $topicimage, $topictext, $prefix, $db;
$sid = intval($s_sid);
$result = $db->sql_query("SELECT t.topicid, t.topicname, t.topicimage, t.topictext FROM ".$prefix."_stories s LEFT JOIN ".$prefix."_topics t ON t.topicid = s.topic WHERE s.sid = ".$sid);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$topicid = intval($row['topicid']);
$topicname = filter($row['topicname'], "nohtml");
$topicimage = filter($row['topicimage'], "nohtml");
$topictext = filter($row['topictext'], "nohtml");
}
I have downloaded and checked several times and downloaded again just before posting this from Nuke Resources the 7.9 patch and what is listed in mainfile for getTopics is this:
Code:
function getTopics($s_sid) {
global $topicname, $topicimage, $topictext, $prefix, $db;
$sid = intval($s_sid);
$result = $db->sql_query("SELECT t.topicname, t.topicimage, t.topictext FROM ".$prefix."_stories s LEFT JOIN ".$prefix."_topics t ON t.topicid = s.topic WHERE s.sid = '".$sid."'");
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$topicname = filter($topicname, "nohtml");
$topicimage = filter($topicimage, "nohtml");
$topictext = filter($topictext, "nohtml");
}
First it is missing this line ' $topicid = intval($row['topicid']); ' and the last three lines are different. If I place the missing line in the code and then change the last three lines like chatserv thought was in 7.9 then the topic
images show.
So far the copy of my 7.9 seems to be working okay, and the spaw editor changes went smoother than it has in previous versions. But, I can't say if it will work for you without the editor or with your copy.
Michael
Kodetech.com
Last edited by mtalley887 on Sat Feb 04, 2006 6:23 pm; edited 2 times in total
dead7iestweap0n Nuke Cadet
Joined: Jan 28, 2006
Posts: 2
Posted:
Sat Jan 28, 2006 6:26 pm
I am having a probelm like this, but I am trying to insert a paypal donate button. It uses the form tag, but I have done every thing that you have sugested, and it still deletes all of my code. I am really mad, and I am about ot switch to a better CMS, because PHP nuke is way to unorganized.
mtalley887 Sergeant
Joined: Dec 01, 2003
Posts: 149
Posted:
Sun Jan 29, 2006 7:01 am
Well let's put our heads together and see if we can get it to work. I'm interested in seeing what is taking place and why this is happening. If you want contact me at my site so as not to take up space here and if we figure it out we'll post back it here what we found.
Michael
kodetech.com
Schmide Nuke Soldier
Joined: Jan 20, 2006
Posts: 11
Posted:
Wed Feb 01, 2006 9:51 pm
I was messing with it and it seems part of the problem was the global $AllowableHTML getting crushed when it was assigned the empty array. I also found a bunch of calls with NULL $str duh no need to process a NULL return. Sorry about my indentation style its the only way I can follow that deep a if else if else else if if... I also removed some unnecessary code that took out the img tags and anchors (done later anyways).
Code:
function check_html ($str, $strip="") {
/* The core of this code has been lifted from phpslash */
/* which is licenced under the GPL. Altered by Schmide
to fix losing images problem in 7.9 */
global $AllowableHTML;
include("config.php");
if(!$str)
return NULL;
$str = stripslashes($str);
// Delete all spaces from html tags .
$str = eregi_replace("<[[:space:]]*([^>]*)[[:space:]]*>",'<\\1>', $str);
if ($strip == "nohtml")
{
// if you want to keep just anchor tags or other local combinations of allowables do the following
// otherwise leave the NULL assignment.
// $localAllowableHTMLArray=array("a"=>1);
// $localAllowableHTML=&$localAllowableHTMLArray;
$localAllowableHTML=NULL;
} else {
$localAllowableHTML=&$AllowableHTML;
// Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
$str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);
}
$tmp = "";
while (ereg("<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>",$str,$reg)) {
$i = strpos($str,$reg[0]);
$l = strlen($reg[0]);
if ($reg[1][0] == "/")
{
$tag = strtolower(substr($reg[1],1));
} else {
$tag = strtolower($reg[1]);
}
if ($a = $localAllowableHTML[$tag])
{
if ($reg[1][0] == "/")
{
$tag = "</$tag>";
} elseif (($a == 1) || (empty($reg[2])))
{
$tag = "<$tag>";
} else {
# Place here the double quote fix function.
$attrb_list=delQuotes($reg[2]);
// A VER
$attrb_list = str_replace("&","&",$attrb_list);
$tag = "<$tag" . $attrb_list . ">";
} # Attribs in tag allowed
} else {
$tag = "";
}
$tmp .= substr($str,0,$i) . $tag;
$str = substr($str,$i+$l);
}
$str = $tmp . $str;
return $str;
exit;
/* Squash PHP tags unconditionally */
$str = str_replace("<?","",$str);
return $str;
}
Old copy array code
Code:
if ($strip == "nohtml")
{
$localAllowableHTML=array('');
} else {
$localAllowableHTML=$AllowableHTML;
Last edited by Schmide on Thu Feb 02, 2006 10:35 am; edited 3 times in total
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Xeno - Try this. Besides the section for
, I also went back to PHP-Nuke 7.7 and it did it when I patched 3.1
