1
Check the new Tutorial subforum with helpfull guides and tutorials for modifications and tweaks.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
<script type="text/javascript" language="javascript" src="<?php echo ROOT_PATH; ?>admin/browserSniffer.js"></script>
<script type="text/javascript" language="javascript" src="<?php echo ROOT_PATH; ?>admin/calendar.js"></script>
Add before:<script type="text/javascript" src="../tiny_mce/tiny_mce_gzip.js"></script>
<script type="text/javascript">
tinyMCE_GZ.init({
plugins : 'inlinepopups,style,layer,table,advhr,advimage,advlink,emotions,iespell,insertdatetime,preview,zoom,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras',
themes : 'advanced',
languages : 'en',
disk_cache : true,
debug : false
});
</script>
<script language="javascript" type="text/javascript">
tinyMCE.init({
mode : "textareas",
theme : "advanced",
plugins : "inlinepopups,style,layer,table,advhr,advimage,advlink,emotions,iespell,insertdatetime,preview,zoom,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras",
theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,search,replace,|,bullist,numlist,|,outdent,indent,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,print,|,ltr,rtl,|,fullscreen",
theme_advanced_buttons4 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,|,cite,abbr,acronym,del,ins,|,visualchars,nonbreaking",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_path_location : "bottom",
extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
</script>
[url=http://nokia.com]http://www.nokia.com/6230i[/url]
$additional_image_fields['image_type'] = array($lang['mms_picture'], "text", 0);
to db_field_definitions.php. I was thinking about doing it like this {if image_type} LINK {endif image_type}this exploit uploads a .jpg file with maliciuos EXIF metadata comptempt,
it will be evaluated as php code:
<img src="./templates/default/smilies/icon_surprised.gif">
instead of :o