HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


[SOLVED] Issues with post templates

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#98501 (In Topic #19425)
Avatar

Well-settled

So I have no idea what is going on....

I have a couple of post templates that I use for applications to join my gaming community.  When I view them as "add topic" or a couple other members, they look fine (see pic 1).

But if you are in the default "new recruit" group it appears all messed up (see pic 2).


The code is simple code (good):

Code

<ol>
<li>
<strong>PlanetSide 2 Character Name:</strong> [insert here]</li>
<li>
<strong>Current Battle Rank:</strong>&nbsp;[insert here]</li>
<li>
<strong>What times are you available to play?:</strong>&nbsp;[insert here]</li>
<li>
<strong>Are you currently in an outfit?:</strong> [Yes/No]
<ol start="1" style="list-style-type: lower-alpha;">
<li>
<strong>If yes, which outfit?:</strong>&nbsp;[insert here]</li>
</ol>
</li>
<li>
<strong>What class do you primarily play?:</strong> [Combat Medic/Engineer/Heavy Assault/Infiltrator/Light Assault/MAX]</li>
<li>
<strong>What vehicle do you primarily use?:</strong> [Flash/Galaxy/Harasser/Liberator/Lightning/Reaver/Sunderer/Vanguard]</li>
<li>
<strong>What division do you want to primarily&nbsp;play?:</strong> [Air/Armor/Infantry]</li>
<li>
<strong>List your most valuable upgrades (example: Skyguard, AA MAX, etc):</strong> [insert here]</li>
<li>
<strong>Do you have a spawn beacon and smoke?:</strong> [Yes/No]</li>
<li>
<strong>Do you have a working mic?:</strong> [Yes/No]</li>
<li>
<strong>Why do you think you would be a good addition to VVAR?:</strong> [insert here]</li>
<li>
<strong>How did you hear about VVAR?:</strong> [insert here]</li>
<li>
<strong>Play any other games?:</strong> [insert here]</li>
<li>
<strong>Please give two to three dates and times were you know you will be on (for today + 7 days) for an Officer to contact you:</strong> [insert here]</li>
<li>
<strong>I have read and agree to the terms listed in VVAR Code of Conduct (found at: <a href="http://vvarmachine.com/index.php?page=codeofconduct" _cke_saved_href="http://vvarmachine.com/index.php?page=codeofconduct" _cke_saved_href="http://vvarmachine.com/index.php?page=codeofconduct" _cke_saved_href="http://vvarmachine.com/index.php?page=codeofconduct" target="_blank">http://vvarmachine.com/index.php?page=codeofconduct</a>):</strong> [Yes I agree/No I do not agree]</li>
<li>
<strong>Please supply us with a link to your characters stat page for review.&nbsp; Information about your own character can be found at: <a href="http://www.planetside-universe.com/characters.php" target="_blank">http://www.planetside-universe.com/characters.php</a>):</strong> [insert here]</li>
<li>
<strong>Anything else we should know?:</strong> [insert here]</li>
</ol>


This is what the code looks like on the new post for the default group:

Code

<ol>
<li>
<strong>PlanetSide 2 Character Name:</strong> [insert here] <strong>Current Battle Rank:</strong>&nbsp;[insert here] <strong>What times are you available to play?:</strong>&nbsp;[insert here] <strong>Are you currently in an outfit?:</strong> [Yes/No] <strong>If yes, which outfit?:</strong>&nbsp;[insert here]</li>
</ol>
<strong>What class do you primarily play?:</strong> [Combat Medic/Engineer/Heavy Assault/Infiltrator/Light Assault/MAX] <strong>What vehicle do you primarily use?:</strong> [Flash/Galaxy/Harasser/Liberator/Lightning/Reaver/Sunderer/Vanguard] <strong>What division do you want to primarily&nbsp;play?:</strong> [Air/Armor/Infantry] <strong>List your most valuable upgrades (example: Skyguard, AA MAX, etc):</strong> [insert here] <strong>Do you have a spawn beacon and smoke?:</strong> [Yes/No] <strong>Do you have a working mic?:</strong> [Yes/No] <strong>Why do you think you would be a good addition to VVAR?:</strong> [insert here] <strong>How did you hear about VVAR?:</strong> [insert here] <strong>Play any other games?:</strong> [insert here] <strong>Please give two to three dates and times were you know you will be on (for today + 7 days) for an Officer to contact you:</strong> [insert here] <strong>I have read and agree to the terms listed in VVAR Code of Conduct (found at: <a href="http://vvarmachine.com/index.php?page=codeofconduct" target="_blank">http://vvarmachine.com/index.php?page=codeofconduct</a>):</strong> [Yes I agree/No I do not agree] <strong>Please supply us with a link to your characters stat page for review.&nbsp; Information about your own character can be found at: <a href="http://www.planetside-universe.com/characters.php" target="_blank">http://www.planetside-universe.com/characters.php</a>):</strong> [insert here] <strong>Anything else we should know?:</strong> [insert here]


Ideas?


Last edit: by rteicheira

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Item has a rating of 5 (Liked by Chris Graham)  
Rating:
#98502
Avatar

Community saint

It could be the comcode permission settings for the 'new recruit' group is more restrictive than the other groups.  You would find those settings in the Adminzone->Security->Global Priveleges.  From there select Comcode in the list and click the Choose button.  Possibly the 'Subject to a more liberal HTML filter' permission?
Back to the top
 
Posted
Rating:
#98503
Avatar

Well-settled

That would be it.  I checked everything else, but didn't think about checking the Comcode area.

That fixed the issue.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Rating:
#98504
Avatar

Community saint

But I'm not sure what kind of security risk this might be.
Back to the top
 
Posted
Rating:
#98505
Avatar

Well-settled

I can't think of much one can do with HTML.  It is kind of weird that post templates would need to have "Subject to a more liberal HTML filter" enabled to make it work, even with just basic list or bold code.

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Posted
Item has a rating of 5 (Liked by Chris Graham)  
Rating:
#98506
Avatar

Community saint

With HTML they have the ability to write arbitrary code, like embed javascript which can be a security vulnerability.

For more info, see: ocPortal Tutorial: WYSIWYG editing - ocPortal.com

Do you have a Samsung Galaxy S / Galaxy S II ? If so, why not check out my ScreenFree FM Radio .
Back to the top
 
Posted
Rating:
#98507
Avatar

Yes to all, the resolution and that this does sound like it could be a bug. I will try and take a look next week.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Item has a rating of 5 (Liked by Chris Graham)  
Rating:
#98508
Avatar

Community saint

It would probably be best just to use the [list] comcode tag instead of using HTML <ol> <li> tags, at least in this case. A bit more difficult if you prefer HTML over comcode, but more secure than allowing 'new recruits' less restricted access to HTML. I think what might be tripping up ocPortal in this case is the nested <ol> tags, but regex gives me headaches so I could be wrong :P
Back to the top
 
Posted
Item has a rating of 5 (Liked by Chris Graham)  
Rating:
#98509
Avatar

Community saint

This should be a good substitute:

Code

[semihtml]
[list="1"]
[b]PlanetSide 2 Character Name:[/b] [insert here][*]
[b]Current Battle Rank:[/b] [insert here][*]
[b]What times are you available to play?:[/b]&nbsp;[insert here][*]
[b]Are you currently in an outfit?:[/b] [Yes/No]
[list="lower-alpha"][b]If yes, which outfit?:[/b] [insert here][/list]
[*]
[b]What class do you primarily play?:[/b] [Combat Medic/Engineer/Heavy Assault/Infiltrator/Light Assault/MAX][*]
[b]What vehicle do you primarily use?:[/b] [Flash/Galaxy/Harasser/Liberator/Lightning/Reaver/Sunderer/Vanguard][*]
[b]What division do you want to primarily play?:[/b] [Air/Armor/Infantry][*]
[b]List your most valuable upgrades (example: Skyguard, AA MAX, etc):[/b] [insert here][*]
[b]Do you have a spawn beacon and smoke?:[/b] [Yes/No][*]
[b]Do you have a working mic?:[/b] [Yes/No][*]
[b]Why do you think you would be a good addition to VVAR?:[/b] [insert here][*]
[b]How did you hear about VVAR?:[/b] [insert here][*]
[b]Play any other games?:[/b] [insert here][*]
[b]Please give two to three dates and times were you know you will be on (for today + 7 days) for an Officer to contact you:[/b] [insert here][*]
[b]I have read and agree to the terms listed in VVAR Code of Conduct (found at: <a href="http://vvarmachine.com/index.php?page=codeofconduct">http://vvarmachine.com/index.php?page=codeofconduct</a>):[/b] [Yes I agree/No I do not agree][*]
[b]Please supply us with a link to your characters stat page for review. Information about your own character can be found at: <a href="http://www.planetside-universe.com/characters.php" target="_blank">http://www.planetside-universe.com/characters.php</a>):[/b] [insert here][*]
[b]Anything else we should know?:[/b] [insert here]
[/list]
[/semihtml]

Just remember to go back to secure the permissions on the comcode if that worries you.
Back to the top
 
Posted
Rating:
#98528
Avatar

Ok, this was a bug. List elements (li tag) were not white-listed :$.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#98530
Avatar

Well-settled

Hehe :)

Can I manually white-list it till the next update?

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
Important!
Posted
Item has a rating of 5 (Liked by rteicheira)  
Rating:
#98531
Avatar

Automated fix message

rteicheira said

Hehe :)

Can I manually white-list it till the next update?
This issue has been filed on the tracker as issue #1295, with a fix.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Important!
 
Posted
Rating:
#98532
Avatar

Well-settled

Awesome!

I had to add one additional like to the white-list:

Code

<ol start="1" style="list-style-type: lower-alpha;">
as I had an embedded list in the list

Russ Teicheira
http://vvarmachine.com or http://vvarnc.com - OCPortal Install
http://www.russteicheira.net
 - Profile Site that needs updating
http://projectxfire.com - Tech Blog that I need to get back to
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: