Forum Information

Members: 16,996
Threads: 38,867
Posts: 159,477
Online: 42

Newest Member: Kl_broka@rediffmail.com
Advertising

Partners


Odoo.tv - Outdoor Television

Mambers.com 4 Sale

Sedo - Domains kaufen und verkaufen das Projekt mambers.com steht zum Verkauf Besucherstatistiken von mambers.com etracker® Web-Controlling statt Logfile-Analyse
Home  ::   Forums   ::  Join Now!

Go Back   Mambers.com > Development > Component 'How Do I' Questions
Reload this Page TinyMCE-EXP popup function doesn't work after security patch

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 14.06.2005, 12:10   #1 (permalink)
Ant
Mamber
 
Join Date: Apr 2004
Posts: 59
Ant is on a distinguished road
Default TinyMCE-EXP popup function doesn't work after security patch
After patched with Security Patches Out for 4.5.x, TinyMCE-EXP 1.0 (mambo 4.5.2) thumbnail to popup feature doesn't work anymore. When I insert an image as thumbnail in th html source there is the correct code:
Code:
<a href="javascript:void window.open('http://***/mambots/editors/tinymce_exp/jscripts/tiny_mce/popupImage.php?img=images/stories/piazza3.jpg&imgwidth=400&imgheight=280&alt=piazza3.jpg','Image','menubar=no,toolbar=no,scrollbars=yes,resizable=yes, left='+(screen.availWidth/2-(400/2))+',top='+(screen.availHeight/2-(280/2))+',width='+(400+10)+',height='+(280+75)+'');"><img width="150" vspace="5" hspace="5" height="105" border="0" align="" alt="piazza3.jpg" src="http://***/images/stories/.thumbnails/.thumb_piazza3.jpg" /></a><br />
But after saved, the code is:

Code:
<a><img width="150" vspace="5" hspace="5" height="105" border="0" align="align" src="http://***/images/stories/.thumbnails/.thumb_piazza3.jpg" alt="piazza3.jpg" /></a><br />
Any idea about?
Thanks
A.
Ant is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Sponsored Links
Old 14.06.2005, 13:41   #2 (permalink)
Junior Mamber
 
indy68's Avatar
 
Join Date: Nov 2004
Location: Belgium
Posts: 30
indy68 is on a distinguished road
Default Re: TinyMCE-EXP popup function doesn't work after security patch
The problem is not TinyMCE-E but seems to point at a php-input-filter-class installed with the latest patch (4.5.2.2).

For security issues , this filter wil delete all 'dangerous' code when the content is saved. The reason for this filter is to prevent mallicious users to insert code into the content.

The href="javascript:..." code is considered 'dangerous' and therefor delete.
I've experienced the same problem (without an editor) and decided that the only short-term solution is (allthough I'll miss out on the rest of the security patch) to go back to 4.5.2.1 as this filter would make my website useless.

This problem has been posted as a bug on mamboforge.net although it's not really a bug as it's more a loss in functionality.

Maybe the developers could consider the ability to turn off this filter (at least for the backend) through a parameter in the configuration file.
indy68 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 15.06.2005, 23:29   #3 (permalink)
Ant
Mamber
 
Join Date: Apr 2004
Posts: 59
Ant is on a distinguished road
Default Re: TinyMCE-EXP popup function doesn't work after security patch
With new update 4.5.2.3 pop-up works fine again.
Ant is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
tinymce: after pasting html content in FF, save and cancel buttons don't work kentu Mambo 4.5.1 Bugs 6 06.07.2005 01:08
Bug with special chars after last security patch Bernard Mambo 4.5.1 Bugs 3 15.06.2005 11:41
Warning - latest security patch is malicious conficio Mambo 4.5.1 Installation and Upgrades 2 07.06.2005 00:35
Important security Patch! eyezberg Community Announcements 2 05.06.2005 01:02
Security Patch for Community Builder 1 beta 4 MamboJoe Mambo 4.5 Security 0 14.03.2005 07:30


All times are GMT +2. The time now is 04:48.

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.1.0
A vBSkinworks Design
© Copyright 2004-2008 by Arthur Konze Webdesign.



Forums | Register | Members | Search | Faq

Mambers.com - Archive - Top