i just installed fresh site based on phpnuke 7.8. the first thing i did is to apply security patch 3.2 (78patched3dot2.zip). well, as far as i can see all works ok except i can not get html links to work properly in the story module

when i submit a test news to myslf, a simple

test.com
i can see the link on the preview page before actual submition. the link properly reflects http://test.com

next when i get to the new submition in my admin pannel the link is gone, the messeg come just plain text test.com

if i try to add link witin admin pannel
and i preview that new story i can see properly formated link
http://mysite.com/index.php?url=http://test.com

but after the news is submited link goes to:
test.com

i suuspect that the security patch does not allow create link here, but from all posting i found this should be allow by the entry in config.php
$AllowableHTML = array("a"=>2, ....

so i am lost.
can anyone point me in the right direction ?

I'm not sure you want to hear this but personally I'd say run as fast as you can from 7.8 (regardless of patch level) and go to ravennuke .76 patched series.

You can find the latest raven release here: http://ravenphpscripts.com/

__________________


My Daughter Rules!

Duke, i took your advice, as off this moment running ravennuke7.6. still looking around but as far as i can say all looks good.

thanks,
-voitek.,

-

This is the code that is stripping the <a href and <img src tags
in mainfile.php

Code:

// Delete all spaces from html tags . $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?[[:space:]]*([^\" >]*)[[:space:]]*\"?[^>]*>",'<a href="\\1">', $str); // Delete all attribs from Anchor, except an href, double quoted. $str = eregi_replace("<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>", '', $str); // Delete all img tags $str = eregi_replace("<a[^>]*href[[:space:]]*=[[:space:]]*\"?javascript[[:punct:]]*\"?[^>]*>", '', $str);

Read more here:
http://www.nukecops.com/PHP-Nuke_all...html-tags.html
and here
http://www.nukecops.com/PHP-Nuke_config-php-file.html

I have yet to find a SECURE workaround that allows the full use of a href and img tags

I'm glad it's working out for you buds, terrific!

__________________


My Daughter Rules!

Originally Posted by Duke

I'm glad it's working out for you buds, terrific!

NOT working for me..see at the end of my previous post??

Quote:

I have yet to find a SECURE workaround that allows the full use of a href and img tags

You can comment out those lines I specified in mainfile.php but that is a security risk. Even with those lines commented out, IT still does not fully work and will still strip img tags if they have any added code like

Code:

<img src-"images/one.gif" border="0">

border="0" causes the <img tag to be stripped.

Originally Posted by myrtletrees

Originally Posted by Duke I'm glad it's working out for you buds, terrific! NOT working for me..see at the end of my previous post??

I'm not sure what this means :?

__________________


My Daughter Rules!

You said you were glad it's working out for us buds...

I said, it is not working out.

This is STILL a problem...do you understand?

Now I see why I missed your meaning because I wasn't replying to you at any time in the post, understand?

__________________


My Daughter Rules!

Originally Posted by Duke

I'm glad it's working out for you buds, terrific!

ahh?? considering you said "buds"(which is plural, meaning more than one) even tho I'm not a "bud", I'm a "budette", the topic starter of this post, and me are the only ones that replied here...it looked like you were replying to me and him as "buds" in your post.

8O ...totally on the wrong page here... :P

REGARDLESS,

The problem STILL pesists in Nuke 7.6, 3.2 patched.

<a href and <img tags are improperly stripped by Nuke and or Sentinel.

There needs to be better control over these features.

Just as and FYI.>>
I have resorted to taking my "html" that is "bad" to Nuke and Sentinel and converting it into blocks.