PEAK XOOPS - Forum with WYSIWYG Editor safely 
XOOPS
XOOPS : Forum with WYSIWYG Editor safely
I've just released d3forum-0.77.
You can use fckxoops with this version.
Perhaps, you've already known forum modules can use WYSIWYG Editors.
But d3forum is far differnt from them because of the security.
If you turn "Enable HTML" on, your post will be filtered HTMLPurifier automatically.
Then, all of JavaScripts will be removed from the post.
I've opened "HTML allowd FORUM" for my experments.
http://xoops.peak.ne.jp/md/d3forum/index.php?forum_id=12
Only with the forum, you can use fckxoops and allow HTML.
Of couse, you can control such detailed settings by forum's option.
default_options:smiley,xcode,number_entity,html
allow_html:1
body_editor:common_fckeditor
Note:
The forum's "default_options" contain "html" instead of "br".
Related articles
- HTMLPurifier (2007-09-18 04:00:24)
Comments list
kentauls
Posted on 2007/10/2 8:34
Hi OneOfTen and GIJOE,
Finally I could find the reason why FCKeditor didn't appear on d3forum.
It was quite simple, the template file "d3forum_main_post_form.html" was not update correctly.
Following is the code from altsys.
But I'm really wondering why the template file was not updated correctly... New file was over written by old file. It can be possible?
It was caused by my wrong operation or system error ?
Then I've found GIJOE's module "altsys" is amazing! It helped me a lot to find the solution and to recover the code with ease. If I didn't use it, I would spend much more time.
Thanks GIJOE!
And OneOfTen, you helped me a lot!
Finally I could find the reason why FCKeditor didn't appear on d3forum.
It was quite simple, the template file "d3forum_main_post_form.html" was not update correctly.
Following is the code from altsys.
But I'm really wondering why the template file was not updated correctly... New file was over written by old file. It can be possible?
It was caused by my wrong operation or system error ?
Then I've found GIJOE's module "altsys" is amazing! It helped me a lot to find the solution and to recover the code with ease. If I didn't use it, I would spend much more time.
Thanks GIJOE!
And OneOfTen, you helped me a lot!
@@ -101,27 +101,33 @@
</tr>
<tr valign="top" align="left">
<th class="d3f_head"><label for="message"><{$smarty.const._MD_D3FORUM_TH_BODY}></label></th>
<td class="even">
- <{if $body_wysiwyg}>
- <{$body_wysiwyg}>
- <{else}>
- <input type="checkbox" id="message_bbcode_onoff" onclick="if(this.checked){xoopsGetElementById('message_bbcode_buttons_pre').style.display='block';xoopsGetElementById('message_bbcode_buttons_post').style.display='block'}else{xoopsGetElementById('message_bbcode_buttons_pre').style.display='none';xoopsGetElementById('message_bbcode_buttons_post').style.display='none'};" /><label for="message_bbcode_onoff"><{$smarty.const._MD_D3FORUM_LABEL_INPUTHELPER}></label>
- <br />
- <{xoopsdhtmltarea name="message" cols="60" rows="15" value=$message pre_style="display:none;" post_style="display:none;"}>
- <{/if}>
+ <input type="checkbox" id="message_bbcode_onoff" onclick="if(this.checked){xoopsGetElementById('message_bbcode_buttons_pre').style.display='block';xoopsGetElementById('message_bbcode_buttons_post').style.display='block'}else{xoopsGetElementById('message_bbcode_buttons_pre').style.display='none';xoopsGetElementById('message_bbcode_buttons_post').style.display='none'};" /><label for="message_bbcode_onoff"><{$smarty.const._MD_D3FORUM_LABEL_INPUTHELPER}></label>
+ <br />
+ <{xoopsdhtmltarea name="message" cols="60" rows="15" value=$message pre_style="display:none;" post_style="display:none;"}>
<{if $reference_quote}>
<br />
<input type="button" name="quote" id="quote" onclick="d3forum_quote_message();" value="<{$smarty.const._MD_D3FORUM_BTN_QUOTE}>" />
<{/if}>
</td>
</tr>
<tr valign="top" align="left">
<th class="d3f_head"><{$smarty.const._MD_D3FORUM_OPTIONS}></th>
<td class="even">
<!-- approval -->
- <{if $forum.isadminormod && $mode == "edit" && ! $post.approval}>
+ <{if $forum.isadminormod && ! $approval}>
<input type="checkbox" name="approval" id="approval" value="1" <{$approval_checked}> /><label for="approval"><{$smarty.const._MD_D3FORUM_LABEL_DOAPPROVAL}></label>
<br />
<{/if}>
@@ -215,11 +221,9 @@
function xoopsFormValidate_postform() {
myform = window.document.postform;
if ( myform.subject.value.replace(/^\s+|\s+$/g,"") == "" ) { window.alert("<{$smarty.const._MD_D3FORUM_SUBJECT|string_format:$smarty.const._FORM_ENTER}>"); myform.subject.focus(); return false; }
- <{if ! $body_wysiwyg}>
if ( myform.message.value.replace(/^\s+|\s+$/g,"") == "" ) { window.alert("<{$smarty.const._MD_D3FORUM_ERR_NOMESSAGE}>"); myform.message.focus(); return false; }
- <{/if}>
<{$antispam.js_in_validate_function}>
return true;
}
function d3forum_quote_message() {
OneOfTen
Posted on 2007/10/1 20:31
Well, all that looks fine and is similar to my configuration. If you could make me an accoount with admin rights I may have a look at it. If you would like to, just send me a pm with the infos.
kentauls
Posted on 2007/10/1 6:30
When I worked with smarty template debug mode, these variables are checked to be assigned in {$mod_config}.
Do you have any ideas?
top_message => "<h1 class="d3f_title">..."
show_breadcrumbs => 1
default_options => "smiley,xcode,number_entity,html"
allow_html => 1
allow_textimg => 0
allow_sig => 1
allow_sigimg => 0
posts_per_topic => 100
hot_threshold => 10
topics_per_page => 20
use_vote => 1
use_solved => 1
allow_mark => 1
allow_hideuid => 0
viewallbreak => 10
selfeditlimit => 31536000
selfdellimit => 0
css_uri => "{mod_url}/index.php?page=main_css"
images_dir => "images"
body_editor => "common_fckeditor"
anonymous_name => "Guest"
guest_vote_interval => 86400
antispam_groups => Array (1)
0 => ""
antispam_class => "default"
notification_enabled => 0
Do you have any ideas?
kentauls
Posted on 2007/10/1 6:16
I just tried to work with PHP debug mode.
But no errors were ejected anywhere...
But no errors were ejected anywhere...
kentauls
Posted on 2007/10/1 6:06
I'm pretty sure I uploaded the latest verion of "FCKeditor on XOOPS" properly.
That why I'm using FCKeditor on Bulletin and Pico as body text editor.
ummm
That why I'm using FCKeditor on Bulletin and Pico as body text editor.
ummm
OneOfTen
Posted on 2007/10/1 5:39
Quote:
Yes that's right. I really don't see where the problem is because your config as you posted above looks correct. And you are sure that you uploaded fckeditor properly?
I guess, even if we don't enable these options in the preferences in d3forum administration, these can be enable if we option them for each forum.
Yes that's right. I really don't see where the problem is because your config as you posted above looks correct. And you are sure that you uploaded fckeditor properly?
kentauls
Posted on 2007/10/1 4:27
Thanks OneOfTen,
Of course YES.
fck-editor is enabled and html is allowed in the preferences of d3forum administration for all categories and forums.
I guess, even if we don't enable these options in the preferences in d3forum administration, these can be enable if we option them for each forum.
Is that right?
Of course YES.
fck-editor is enabled and html is allowed in the preferences of d3forum administration for all categories and forums.
I guess, even if we don't enable these options in the preferences in d3forum administration, these can be enable if we option them for each forum.
default_options:smiley,xcode,number_entity,html
allow_html:1
body_editor:common_fckeditor
Is that right?
OneOfTen
Posted on 2007/10/1 4:13 | Last modified
Hi,
fck-editor will only be shown in the real reply-form, the fast-reply-form at the bottom of the topic will use xoopsdhtml. Your configuration of the forum seems ok. Did you already install fck-editor from here? If not download it here http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=93&cid=3 and just upload it to your webspace. Only this fck-editor made by Gijoe will work with d3forum and his other modules like pico.
fck-editor will only be shown in the real reply-form, the fast-reply-form at the bottom of the topic will use xoopsdhtml. Your configuration of the forum seems ok. Did you already install fck-editor from here? If not download it here http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=93&cid=3 and just upload it to your webspace. Only this fck-editor made by Gijoe will work with d3forum and his other modules like pico.
kentauls
Posted on 2007/10/1 3:44
Hi GIJOE,
We were really wanted that function and are very happy to here that FCKeditor is implemented in d3forum 0.77 and later.
But unfortunately, I've been unable to activate FCKeditor on d3forum and trying many things since you released 0.77.
I¡Çve tried it on XCL2.1.1 and 2.1.2.
FCKeditor is available on ¡Èbulletin¡É.
Protector 3.14 is active, but ¡È'allow_url_fopen' : on¡É.
These are optioned for the forum which I want to use FCKeditor.
default_options:smiley,xcode,number_entity,html
I appreciate it if you can give me advice to solve the issue.
If you need further information, please let me know.
Thank you in advance.
We were really wanted that function and are very happy to here that FCKeditor is implemented in d3forum 0.77 and later.
But unfortunately, I've been unable to activate FCKeditor on d3forum and trying many things since you released 0.77.
I¡Çve tried it on XCL2.1.1 and 2.1.2.
FCKeditor is available on ¡Èbulletin¡É.
Protector 3.14 is active, but ¡È'allow_url_fopen' : on¡É.
These are optioned for the forum which I want to use FCKeditor.
default_options:smiley,xcode,number_entity,html
allow_html:1
allow_textimg:0
allow_sig:1
allow_sigimg:0
posts_per_topic:100
hot_threshold:10
topics_per_page:20
use_vote:1
use_solved:1
allow_mark:1
allow_hideuid:0
viewallbreak:10
selfeditlimit:31536000
selfdellimit:0
css_uri:{mod_url}/index.php?page=main_css
images_dir:images
body_editor:common_fckeditor
guest_vote_interval:86400
I appreciate it if you can give me advice to solve the issue.
If you need further information, please let me know.
Thank you in advance.
gigamaster
Posted on 2007/9/29 6:53
Great work !
This is one more nice feature!
Very useful for example, academic,
or companies intranets.
This is one more nice feature!
Very useful for example, academic,
or companies intranets.
Login