
Added admin option to disable rich text editor, attempt at bypassing gallery's xss filtering.

rWatcher 2012-07-03 16:07:03 -04:00
parent c420646950
commit 00b7162b08


@ -57,7 +57,7 @@ class Admin_Pages_Controller extends Admin_Controller {
$page_id = Input::instance()->post("page_id");
$page_name = urlencode(trim(Input::instance()->post("page_name")));
$page_title = Input::instance()->post("page_title");
$page_code = Input::instance()->post("page_code");
$page_code = stripslashes($_REQUEST["page_code"]); // access var directly to get around xss filtering.
$display_menu = Input::instance()->post("display_menu");
// If $page_id is set, update an existing page.
@ -250,6 +250,9 @@ class Admin_Pages_Controller extends Admin_Controller {
$pages_group->checkbox("display_sidebar")
->label(t("Hide sidebar on Pages?"))
->checked(module::get_var("pages", "show_sidebar"));
$pages_group->checkbox("disable_rich_editor")
->label(t("Disable rich text editor?"))
->checked(module::get_var("pages", "disable_rte"));
$pages_group->submit("save_prefs")
->value(t("Save"));
@ -263,6 +266,7 @@ class Admin_Pages_Controller extends Admin_Controller {
// Save form variables.
module::set_var("pages", "show_sidebar", Input::instance()->post("display_sidebar"));
module::set_var("pages", "disable_rte", Input::instance()->post("disable_rich_editor"));
// Display message and load main pages admin screen.
message::success(t("Your settings have been saved."));
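Review bot: The new `$page_code` assignment in the first hunk reads `$_REQUEST["page_code"]` directly, so the value skips the input XSS filter and, unlike the neighbouring `Input::instance()->post(...)` fields, may be populated from the query string or a cookie as well as the POST body. The unfiltered markup is presumably stored and later rendered to visitors, so this is only acceptable if the action is limited to admins and guarded by a CSRF token check; neither is visible here because the function starts outside the hunk, so please confirm both. The unconditional `stripslashes()` also removes legitimate backslashes from page content when magic quotes are off; something like `$raw = $_REQUEST["page_code"]; $page_code = get_magic_quotes_gpc() ? stripslashes($raw) : $raw;` avoids that. Consider passing the stored HTML through an allow-list sanitizer before output rather than trusting it raw, and expand the inline comment to say why the filter is bypassed and who is trusted to submit this field.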