1 edb Feb 14, 2009 17:32
3 edb Feb 14, 2009 17:55
I'm pretty sure that lets users insert images with the "less XHTML" setting checked, but that's not cool. I mean, if I allow a group to use less stringent XHTML how am I to magically know I also need to, effectively, open up a security hole?
BTW my users are pretty much the IE type. Not aware of other browsers, not aware of the reasons to not post an email addy on a forum, not aware that copy/pasting any and all code from anywhere might not be good, not aware of how to surf smart. So while I doubt the users will do malicious stuff with intent, I'd hate to find out I set up a situation where they could accidentally make bad things happen.
And with open registration who knows who'll come along eh? I'm giving posting permissions upon registration is the thing. All you have to know is when asked "what color is grass" you respond with "who cares - fire it up!" ;)
4 yabba Feb 14, 2009 18:04
Does that mean it worked? ... just askin' because it looks in the code like it should ... so that'd narrow down the "sheesh this bit was written by a moron [ let's hope like buggery that section's not written by me, or I'll look like a dick .... again :-S ]" section of code I need to laugh ( or cringe ... I'm an optimist ) at ;)
I'm impressed that any IE user can work out how the files tab operates :D
5 edb Feb 14, 2009 18:08
I will set up the situation again and test. Currently I am only "fairly certain" because I seem to recall asking myself if for some reason I had to untick that box ... and unticking it. Give me some time though as I'm about to put to the test creating a custom hook and moving the work to the plugin instead of hacking the snot out of my skin.
PS: I tell them. With $this->msg I tell them to look up above for "Files" and click it. :)
They're all good folk. Just that I can't predict the level of comfort or skill with webbyness yah?
6 yabba Feb 14, 2009 18:20
EdB wrote:
Just that I can't predict the level of comfort or skill with webbyness yah?
I'd agree ( bash.org: http://bash.org/?835030 ) ;)
7 edb Feb 14, 2009 20:50
Tested and confirmed. Unchecking the "allow css stuff" box after radio buttoning "basic security checking" allows a group-4 level-1 user to upload images again.
* edited * User problem, meaning I forgot it doesn't resize if you don't do the "make posts" thing.
8 john Feb 14, 2009 21:07
@ Yabba
re bash.org
Thanks for that. :)
Made my morning though there's coffee all over the place.
9 yabba Feb 15, 2009 06:59
Made me spit coffee over my monitor when I read it :D
I'll have a meander through the code and see what I can find eddy :roll:
What happens if you tick "allow css tweaks" ?