Use of < img src not working inside profile fields in 2.3.2?


  • Ron DiPaola
    replied
    I ended up using the 2.3.0 user.php file as well. Please make this part of version 3.

    -Ron


  • Alien
    replied
    Hey,

    Yeah that would be a great solution but I don't think freddie or anyone else is going to release the "Html allowed in this field?" code if there won't be an updated vB 2.x release unfortunately.

    I guess I can revert to my 2.3.0 user.php if there isn't much there that was changed... It was probably something involving line 390 if I had to guess...

    -Jason
    Last edited by Alien; Mon 1 Sep '03, 4:17pm.


  • AJR
    replied
    I've got the same problem as well. It's all fine and dandy to convert it with htmlspecialchars... it prevents any malicious code from being entered into a field... but the vB team forgot to include the html decoding when showing $profilefield. An oversight, or whatever it was, I'd like to have the code to fix it as well.

    Thanks


  • Freddie Bingham
    replied
    The real solution would be to add another option when you edit a field that states 'Allow HTML in this field?'. Then we would know to run htmlspecialchars() or not on it. I can make this change for 3.0 but since I don't foresee any more 2.x releases, I really don't know what to tell you other than to upload the user.php from 2.3.0 if you want it back to the previous method. You'll have no issues reverting to that file.
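
The per-field option described in the reply above, sketched in PHP as an added example; it is not vBulletin code and not from anyone in this thread. The field names, the `allow_html` and `user_editable` keys and `render_profile_field()` are assumptions, as is storing the raw value and escaping it at display time.

```php
<?php
// Added illustration, not vBulletin source. All names here are hypothetical.

// Constructed field definitions. 'allow_html' stands for the proposed
// "Allow HTML in this field?" option; 'user_editable' says whether members
// can change the value themselves (assumed to be known per field).
$fields = [
    'contributor' => ['allow_html' => true,  'user_editable' => false],
    'location'    => ['allow_html' => false, 'user_editable' => true],
    'signature2'  => ['allow_html' => true,  'user_editable' => true], // misconfigured
];

// Return the string that is safe to place in the page for this field.
function render_profile_field(array $def, string $raw): string
{
    // Raw HTML passes through only when the option is set AND the value can
    // only have been written by an admin. Anything a member can edit is
    // escaped regardless of the option.
    if ($def['allow_html'] && !$def['user_editable']) {
        return $raw;
    }
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values (the first is based on the admin-entered icon
// quoted in this thread).
$values = [
    'contributor' => '<img src="http://www.sitename.com/contrib_icon.gif" border="0" alt="This user is a contributing member!">',
    'location'    => 'Tampa <b>FL</b>',
    'signature2'  => '<script>alert(1)</script>',
];

foreach ($values as $name => $raw) {
    echo $name, ': ', render_profile_field($fields[$name], $raw), PHP_EOL;
}
```

Only the admin-only `contributor` value is emitted as markup; the other two come out entity-encoded, including the field where the option was switched on for member-editable data.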


  • Alien
    replied
    Okay I see what changed, but I don't recall anything occurring on my end that would need that update which completely removes something I came to depend on.. Hmm. So I guess I can no longer add html in those fields inside the admin cp anymore now or in the future without hacking the files now or using awards hacks, correct?


  • Freddie Bingham
    replied
    Oh yes it is acting different and it would help if I looked at user.php and not profilefield.php

    This is what changed it: http://www.vbulletin.com/forum/showthread.php?t=69375
    Last edited by Freddie Bingham; Fri 29 Aug '03, 11:28am.


  • Freddie Bingham
    replied
    Hmm if I look at profilefield.php, the last change to it was made just before 2.3.2/2.3.1 and was Kier simply changing & to &amp; for the links. Before that the last change was made 2 years ago by me.

    I'll see if I can duplicate what you are getting at. Perhaps something was changed in adminfunctions.php.


  • Guest
    Guest replied
    Originally posted by Alien
    Okay before I try this.. If this ability was somehow removed from 2.3.2, I'd just like to confirm why.. I don't want to introduce this feature again by bringing in a possible security hole... Will your modification open anything negative up?

    Regards,
    -Jason
    Simple modification, worked as long as vB had posts set up that way for me. I've used it for other things though.


  • Alien
    replied
    freddie: We're referring to when an admin in the admin CP adds html code into a field, such as a "Contributor" field that the user cannot modify.


    Something like < img src=http://www.sitename.com/contrib_icon.gif border="0" alt="This user is a contributing member!" >

    When doing this, and calling the proper field within the postbit, it is now a 'big red x' image.

    It always displayed properly in the admin cp when you would go back in to edit the user or give him another award. Now it will not. Html is now stripped in the profile fields there too, and it never worked that way before.

    It's worked for me for over a year I've done it that way. Now since going from 2.3.0 to 2.3.2 it will not.

    -Jason


  • rfonseca
    replied
    Originally posted by Freddie
    Anytime a user saves a profile field, the data is sent through htmlspecialchars which converts < to &lt;, among other things. That is the way it has always worked.
    hmm... that didn't happen before the last upgrade. The code stayed intact. When I look at a user in the admin this is what I see:


  • Freddie Bingham
    replied
    Anytime a user saves a profile field, the data is sent through htmlspecialchars which converts < to &lt;, among other things. That is the way it has always worked.


  • Alien
    replied
    Okay before I try this.. If this ability was somehow removed from 2.3.2, I'd just like to confirm why.. I don't want to introduce this feature again by bringing in a possible security hole... Will your modification open anything negative up?

    Regards,
    -Jason


  • Alien
    replied
    Perhaps he can send you the code to help out, I'm going to give it a try later tonight...

    Wonder what happened to change things from the old way, in 2.3.2..


  • rfonseca
    replied
    Ugh! Same problem here. Every time I or a user alters anything in their profile the html gets changed.
    Code:
    eg - < gets changed to &lt;


  • Guest
    Guest replied
    In version two yes, although a *small* hack will *fix* the problem very easily, check out the postbit functions in /admin/functions.php.

    In vB 3 you could control it via the <if> tags.

    Anyway, I'll send you a pm as the 'hack' is rather small.

    BTW I was very active at ubbdev too, wrote the rpg stats for 6.05 .
