The simpler media website CMS
Hi there, I know I'm old-fashioned but is there any way to avoid zenphoto overriding my preferences in writing content? (using zenphoto 1.5.7 + zenpage theme)
I understand that preventing malicious use of forms is an important feature but IMHO preventing my own personal use of html tagging in my texts is malicious as well.
In this way not only my layout but also my text formatting are under scrutiny by zenphoto, just like it happens in WP!
I've tried to add and/or modify the allowed tags in admin-options but "the system" didn't accept me doing that.
I find it's too generic to set all together the permits for "comments, descriptions and other fields".
Isn't it possible to split the "allowed tags" from comments -which are obviously a target for external attacks- and my own use of html in my own content?
(i.e. what is the ratio to exclude attribute "name" from tag <a>? or my favourite <dl> <dt> and <del>? and how am I supposed to add a form for a paypal button?)
Comments
You should be able to add "tags" in the option actually if you follow the way they are defined. What does happen if you do? Just nothing?
These are not only for tags but also for basic sanitizing of contents and some filtering internally. So it is currently not that easy to do so and certainly not for 1.5.8 coming soon.
However in the 1.5.8RC there are some additions as there have been some other oversights for the defaults.
The name attribute is not an allowed attribute for <a> elements as it is not one of the global ones. https://developer.mozilla.org/de/docs/Web/HTML/Element/a
Paypal buttons actually work fine: https://www.zenphoto.org/pages/donations/
Definition lists actually as well despite indeed missing: https://www.zenphoto.org/news/zenphotos-global-variables/
But it all also depends on if you are using the tinymce editor or not as that also does some filtering. It is enabled by default normally and we use it as well.
tinymce editor? no, I don't use it, what's that? ;-)
When I've tried to add all together the tags I wanted to use, the verification system didn't allow me doing that.
After some testing I've succeeded to enter separately, meaning one by one, <dl> <dt> <dd> and <del>
Added successfully as well the attribute "name" in tag <a> (it's in texts I've written long time ago, when it was of common use and not yet deprecated... )
But if I write <form> or <input> the system rejects it, I don't understand how to add i.e. paypal
Perhaps tinymce to make your life easier ;-)
You need to enter the items as the existing are like this
Forms will be included by default in 1.5.8. Definition lists and <del> we forgot but will add them. Note that it will be invalid HTML technically as it is not only deprecated but not allowed in HTML5 as all Zenphoto themes use HTML5, at least the official ones.
Note that it will be invalid HTML technically as it is not only deprecated but not allowed in HTML5 as all Zenphoto themes use HTML5, at least the official ones
thanks for pointing me that, I wasn't aware of
however I still don't get how to add the paypal thing
It's not a huge showstopping validation issue but will certainly be noted if you test with a validator.
What is the exact problem with the paypal button? That's just a simple form with a link and an image as on our page, right?
ok, after some testing I could finally manage to add all the required tags and attributes (e.g. form & input) which at the previous attempts were refused by the system.
apparently the system was not happy to get all the mods in one go, I had to add them all one by one (and sometimes had to repeat as not always was accepted at the first time).
there could have been some typo by my side but I've checked many times: pretty weird behaviour
[btw in admin-options.php?page=options&tab=general
there is a typo:
in the Italian translation there are two closing parentheses instead of one - as those in the form field:
Seguire la forma tag => (attributo => (attributo=> (), attributo => ()...))
while in English there are three closing parentheses
Follow the form tag => (attribute => (attribute=> (), attribute => ()...)))
]
Surely not normal behaviour. Any errors in the logs?
That's something @bic would have to fix ;-)
There are things messed up there. Too many open/close parentheses.
Please take a close look at syntax. It should look like this:
form => (action=>() method=>() accept-charset=>() id=>() class=>() title=>() name=>() target=>() lang=>())
Maybe a shorter example helps:
col => (class=>() id=>() lang=>())
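Added example, not part of the thread or of Zenphoto's code: a small Python pre-check for the allowed-tags syntax shown in the two entries above, reporting unbalanced parentheses and malformed attributes before the text is pasted into the option field. The grammar is inferred only from those two entries; `parse_allowed_tags` and the attribute-less `dl => ()` entry in the sample are assumptions.

```python
import re

# Grammar assumed from the two entries quoted in the thread:
#   tag => (attr=>() attr=>() ...)
NAME = r"[A-Za-z][A-Za-z0-9-]*"
ENTRY_RE = re.compile(rf"\s*({NAME})\s*=>\s*\(")       # "tag => ("
ATTR_RE = re.compile(rf"\s*({NAME})\s*=>\s*\(\s*\)")   # "attr=>()"
CLOSE_RE = re.compile(r"\s*\)")                        # ")" closing the tag


def parse_allowed_tags(text):
    """Return ({tag: [attrs]}, [errors]); parsing stops at the first error."""
    allowed, errors = {}, []
    pos = 0
    while text[pos:].strip():
        entry = ENTRY_RE.match(text, pos)
        if not entry:
            near = text[pos:pos + 20].strip()
            errors.append(f"offset {pos}: expected 'tag => (' near {near!r}")
            break
        tag, pos = entry.group(1).lower(), entry.end()
        attrs = []
        while (attr := ATTR_RE.match(text, pos)):
            attrs.append(attr.group(1).lower())
            pos = attr.end()
        close = CLOSE_RE.match(text, pos)
        if not close:
            errors.append(f"tag '{tag}': malformed attribute or missing ')' "
                          f"at offset {pos}")
            break
        pos = close.end()
        if tag in allowed:
            errors.append(f"tag '{tag}' is defined twice")
        allowed[tag] = attrs
    return allowed, errors


# Constructed sample: the two entries from the thread plus an assumed
# attribute-less entry.
SAMPLE = """
form => (action=>() method=>() accept-charset=>() id=>() class=>() title=>() name=>() target=>() lang=>())
col => (class=>() id=>() lang=>())
dl => ()
"""

if __name__ == "__main__":
    tags, problems = parse_allowed_tags(SAMPLE)
    print(tags, problems)
    # One closing parenthesis too many, as in the help text discussed above.
    print(parse_allowed_tags("col => (class=>() id=>() lang=>()))")[1])
```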
yes, I did it, note that in English there are 3 closing parentheses in the text
That's not the case in 1.5.8RC however.
I think it's better to use the reset to default button, on the right of the Allowed tags options, and start over.
Sigh..., I completely missed the fact that you meant the text in the explanation next to the option. Sorry.
No problem, maybe I wasn't clear enough: it's so easy to misunderstand each other ;-)
Let me add here just one more little problem I've noticed, that has puzzled me for quite some time.
The system strips off an attribute which is set as allowed by default in admin option. This is how my html looks like in my admin-edit page:
but the id attribute effectively is stripped off in my page source, while is still there in the admin-edit page!
Any idea on how do I solve this?
First, what edit page exactly, second which theme are you using?
With text editor or without text editor as the editor also does some parsing itself.
Generally text content is parsed by a validator - either a library or if your server supports a native PHP extension - so if for some reason an id is not unique on your text content it may be removed.
.../zp-core/zp-extensions/zenpage/admin-edit.php?page&update
NO text editor
that's not the case, every id I've tried is stripped off in my page source, while remaining alive in its admin-edit page
tried a temporary workaround
but that too is stripped off from html! :-(
My colleague just reminded me that might be related to sort of a bug with the filtering we were not able to solve. This happens for some reason sometimes.
Try to use a codeblock - if the theme supports it - instead of the main text content.
Need to remind me by looking at code: In fact this is an issue of the general sanitizing but not related to the allowed tags option at all as that is not used for displaying text content. We're re-investigating this again right now.
Please try the 1.5.8RC for some change regarding this.
ok, I've reinstalled and tested the page: problem solved ! :-)
Great, thanks!
Hi @acrylian I'll look at the translation asap, thanks. For some reason, I don't get email notifications when I'm tagged here in the forum. I have all the notifications enabled on my profile settings.
I have no idea why the notifications would not work for you. For me they do but of course I am on admin level additionally. Is the mail here really correct?
How about subscribing to the RSS feed perhaps?
I've checked in the spam folder too but nothing. I used to receive email notifications from here some time ago anyway.
I'll try with RSS, though I've not any RSS reader active at the moment. I'll set one up hopefully.
PS
I'm experimenting an annoying antispam delay between replies too, that's why I'm replying this late.
Perhaps somehow your mailprovider blocks the forum mails for some unknown reason… No idea sadly.
What do you mean exactly? We have something in place so no one can "flood" things here indeed.
I've changed the email address. I got the verification email, so this one should work.
A 300 seconds delay between posts :-(
By the way, the string to be fixed in translation, for which @acrylian tagged me, is now changed in latest build and there are some typos in English too, like some messed up spaces.
Follow the form: <em>tag</em> => (<em>attribute</em> => ()<em>attribute</em>=> () <em>attribute</em> => ()....etc.)
Should be perhaps
Follow the form: <em>tag</em> => (<em>attribute</em> =>() <em>attribute</em>=>() <em>attribute</em> =>()....etc.)
Thanks. Fixed in the Support build
Thanks @fretzl
I'm going to commit the translation right now.
PS
I didn't get any notification from here about your reply, even with the new email address which is a gmail one.
@bic Hm, if you enabled all you should get one as you participated. Did you get this one being referenced directly?
No, I didn't. I got your mail though, so we can continue this conversation privately.