Перейти к содержимому


Фотография
- - - - -

Final Hurdle - removing html post restriction on non-trusted mode


Лучший Ответ SmetDenis , 28 May 2014 - 10:14

Hi
 
First of all, try to use second way.
Maybe it doesn't work because Joomla security system will deny requests with HTML code for anonymous users.
So if it's true, I see only one way - disable text filter in the global configuration Joomla.
 
Did you already try this solution ?
Перейти к сообщению


  • Закрытая тема Тема закрыта
Сообщений в теме: 4

#1 tobypsl2

tobypsl2

Отправлено 27 May 2014 - 09:43

After several months of tweaking and very minor hacking we have finally managed to enable remote posting to the JBZoo component via a front end form submission.  The issue was at the third party end and the type of form they could post to and the http request process their system could handle. But that is now resolved.

 

One measure was that we needed to enable public posting (to avoid the need for login requests).  The form page is IP protected so essentially public posting can never happen.

 

But they need to be able to send html - which is only supported in trusted mode. Public posters can not have trusted mode.

 

This is our final hurdle.

 

I am wondering the easiest hack to enable html posting via submissions from public?


  • 0

#2 SmetDenis

SmetDenis

Отправлено 28 May 2014 - 08:38

Hi,
 
Check the global Joomla configuration - Text filters
shr_200x0.png
 
And you can replace this function
u9k_200x0.png


to 
    public function isInTrustedMode() {
        return true;
    }
 
So any submissions will always work in the trust mode.
  • 0
JBZoo v4.0 и новый чудный мир Open Source GPL
Отключайте проверку лицензий как можно скорее!



— Есть два типа людей: Кто еще не делает бекапы и кто уже делает бекапы.


#3 tobypsl2

tobypsl2

Отправлено 28 May 2014 - 09:06

Hi SmetDenis

 

do I need to do both of these or will just the second work? because presumably no HTML is required as a general setting otherwise all forms (even the non IP protected ones) will be vulnerable.

 

Thanks


Сообщение отредактировал tobypsl2: 28 May 2014 - 09:10

  • 0

#4 SmetDenis

SmetDenis

Отправлено 28 May 2014 - 10:14   Лучший Ответ

Hi
 
First of all, try to use second way.
Maybe it doesn't work because Joomla security system will deny requests with HTML code for anonymous users.
So if it's true, I see only one way - disable text filter in the global configuration Joomla.
 
Did you already try this solution ?

  • 0
JBZoo v4.0 и новый чудный мир Open Source GPL
Отключайте проверку лицензий как можно скорее!



— Есть два типа людей: Кто еще не делает бекапы и кто уже делает бекапы.


#5 tobypsl2

tobypsl2

Отправлено 30 May 2014 - 13:26

The second suggestion worked fine thanks - I'd just misinterpreted what you way saying re: that global Joomla filters.


  • 0




Click to return to top of page in style!