[patch][rev 65] allow html code in Signature
Hi,
another very small patch.
It allows html code to be stored in signatures.
diff file
is this perhaps a security risc? is there a reason to not allow html code?
Regards
Re: [patch][rev 65] allow html code in Signature
Ramses,
yes, it's for security reasons. The finest solution is to let users edit their signature in the default Joomla WYSIWYG Editor. But the problem is, that not every user is allowed to use the editor in frontend. 
Please let me have a look at the code, maybe we can find a quick solution...
Robbie
Re: [patch][rev 65] allow html code in Signature
Yes using a "real" editor was one thing I thought about.
I also thought about alowing BBCode in signatures, this would fit most users need. But 'til now I did not found the function interpreting BB 
will look for it this night.
/*edit*/
(1)
I did a bit of research and I'm not really sure why using JRequest may be security risk. The JRequest class which uses JFilterInput looks quite safe to me. But I leak of knowledge in web programming to say this for sure.
(2)
I personaly would love to have BB code signatures, this is used in most other forums too. (afaik)
so a possible solution would be to add a call to
$joobbEngine->ConvertBBToHtml($post->signature)
to com_joobb/system/joobbpost.php
or to include the signature into function convertToHtml(&$post) in file com_joobb/system/joobbengine.php with
Code
//replace signature
if ($joobbConfig->getBoardSettings('enable_bbcode') && $post->enable_bbcode) {
$post->signature = $this->convertBBToHtml($post->signature);
}
$post->signature = str_replace("\n", "", $post->signature);
)
Re: [patch][rev 65] allow html code in Signature
Ramses,
sorry, no more time today to realize it. it's time to 
to allow BB codes to format signature is a good idea.
Robbie
Re: [patch][rev 65] allow html code in Signature
thanks for implementation.
(see pm for comments)
Regards
