From: Shaun M. <sh...@ae...> - 2004-09-02 22:04:45
|
On 2 Sep 2004, at 18:00, Matthew McNaney wrote: >> On the surface it doesn't seem like there would be a quick fix to >> solve this >> issue, but I would strongly recommend that individual users make >> edits to >> certain files in order to avoid or limit defacement. > > Another easy "fix" is to remove the <img> tag from your allow_tags > setting in textSettings.php Slightly limiting perhaps. ;-) How about getting that two level textSettings hack Eloi? did in to the code asap so that at least admins can use the full complement of tags and we can lock out all html tags from normal users leaving them just with BBCode? That would solve a great many of these types of security issues. Shaun aegis design - http://www.aegisdesign.co.uk |