4/21/2009

UDT 03.05.01 and incorrect filtering of script in text/html fields

Those of you using the latest version of the old User Defined Table module (which is to be replaced by the Form and List module in DNN 5.x) may have noticed an annoying bug that makes the UDT module insist on filtering out script, object and embed tags even when you have specifically specified that you don’t want it to.

 

What does this mean? It means that you can’t embed YouTube videos, for example, because UDT will filter out the embed code’s tags.

 

When does it happen? Well, fortunately it doesn’t happen when you’re admin or host. But it does happen if you’ve given other users edit rights on UDT data. Any user that is not Admin or Host cannot write these tags in the HTML view of a Text/HTML field inside a User Defined Table. They are just filtered out, even when the relevant setting is unchecked.

 

To fix that, you’ll need to download the code for UDT 03.05.01. The problem lies in file EditControls.vb, line 52:

 

If ParentModule.Settings.ContainsKey(SettingName.ForceInputFiltering) Then
               
inputFilterScript = Not isAdmin
               
inputFilterTags = isAnonymous
End If

 

The “if” clause in line 52 just checks whether the setting exists, not its value. To fix that you need to make the code in line 52 as follows:

 

If ParentModule.Settings.ContainsKey(SettingName.ForceInputFiltering) AndAlso ParentModule.Settings(SettingName.ForceInputFiltering).Equals("True") Then
               
inputFilterScript = Not isAdmin
               
inputFilterTags = isAnonymous
End If

 

(I apologise for the line breaks, please consider that the IF clause should be in a single line)

 

What I’ve done is that I have added a second condition that actually checks the VALUE of the setting and applies the rule only if it’s true.

 

You can compile the code with that change and just replace the old dll file with the newly-compiled one in dotnetnuke’s Bin folder.

 

Please let me know if you’ve been having trouble with this, I’ve already got a compiled dll so I could send it to anyone who’s not into code much – although, as always, I must insist that you always try those things at your own risk!

.

0 comments:

Related Posts with Thumbnails

Recent Comments

Free DotNetNuke Stuff

Free DotNet Videos

  © Blogger template The Professional Template by Ourblogtemplates.com 2008

Back to TOP