Hi G!
I noticed you have
$photo['description'] = $myts->stripSlashesGPC( $_POST["desc_text"] ) ;
for myalbum description posts.
Is There a way I can enforce more strict sanitizing? actually, I would like the description output to be completely text and no special characters (Such as smileys, external images, internal images etc etc).
I am using the dhtmlxoopseditor hack as the editor. (This editor is global) I figured I would either change the myalbum "submit" editor to just a text field, or sanitize the provided editor to achieve text and no special characters.
Thank You =)
hi auxiv.
Quote:
I noticed you have $photo['description'] = $myts->stripSlashesGPC( $_POST["desc_text"] ) ;
for myalbum description posts.
This code is unrelated with escaping HTML special characters.
(To avoid an affection from magic_quotes_gpc)
If you want to hack it, edit here, though I never recommend it.
line 117 of include/draw_functions.php
'description' => $myts->displayTarea( $description , 0 1 , 1 , 1 , 1 , 1 , 1 ) ,