421
Discussion & Troubleshooting / Re: Conditional User Group template tags
« on: March 29, 2005, 10:19:00 PM »
Hi V@no
Why is it a sercurity risk to use HTML code in the description of pictures? Is it possible to user HTML code in the upload form?
In one category I show the product which are for sell. The description of the product is entered in the descirption picture. One of the product is a postcard, which shows one of a picture, made by the customer. That's, why I'd like to show the link for uploading pictures, but only for logged in users. A logged in user can upload a picture an buy postcards with this picture on it.
So I'd like to use HTML code only for my "pictures" or let's say for my "products" I wanna sell. Users, which can upload pictures don't have to use HTML code.
Do I have to replace something in the code? Instead of interpreting the code, it shows me the code, unless the first line.
The following is displayed on the details:
global $user_info;
if ($user_info['user_level'] > GUEST)
{
?>
Upload Foto (Sie können das Foto auch nach der Bestellung hochladen.)
}
?>
Thanks
Serge
PS:
Why is it a sercurity risk to use HTML code in the description of pictures? Is it possible to user HTML code in the upload form?
In one category I show the product which are for sell. The description of the product is entered in the descirption picture. One of the product is a postcard, which shows one of a picture, made by the customer. That's, why I'd like to show the link for uploading pictures, but only for logged in users. A logged in user can upload a picture an buy postcards with this picture on it.
So I'd like to use HTML code only for my "pictures" or let's say for my "products" I wanna sell. Users, which can upload pictures don't have to use HTML code.
Do I have to replace something in the code? Instead of interpreting the code, it shows me the code, unless the first line.
The following is displayed on the details:
global $user_info;
if ($user_info['user_level'] > GUEST)
{
?>
Upload Foto (Sie können das Foto auch nach der Bestellung hochladen.)
}
?>
Thanks
Serge
PS:
Code: [Select]
define('EXEC_PHP_CODE', 1);
should be ok, shouldn't it?