Index: openacs-4/packages/news/www/item-create-3.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/news/www/item-create-3.tcl,v diff -u -N -r1.12 -r1.13 --- openacs-4/packages/news/www/item-create-3.tcl 26 Dec 2009 23:27:56 -0000 1.12 +++ openacs-4/packages/news/www/item-create-3.tcl 26 Dec 2009 23:50:53 -0000 1.13 @@ -10,7 +10,7 @@ @cvs-id $Id$ } { publish_title:notnull - publish_body:notnull,trim + publish_body:allhtml,notnull,trim publish_body.format:notnull,trim {publish_lead {}} {publish_date_ansi:trim "[db_null]"} Index: openacs-4/packages/news/www/item-create.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/news/www/item-create.tcl,v diff -u -N -r1.9 -r1.10 --- openacs-4/packages/news/www/item-create.tcl 26 Dec 2009 23:27:56 -0000 1.9 +++ openacs-4/packages/news/www/item-create.tcl 26 Dec 2009 23:50:53 -0000 1.10 @@ -12,7 +12,7 @@ } { {publish_title {}} {publish_lead {}} - {publish_body {}} + {publish_body:allhtml {}} {publish_body.format {}} {publish_date_ansi {now}} {archive_date_ansi {}} Index: openacs-4/packages/news/www/preview.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/news/www/preview.tcl,v diff -u -N -r1.23 -r1.24 --- openacs-4/packages/news/www/preview.tcl 26 Dec 2009 23:33:09 -0000 1.23 +++ openacs-4/packages/news/www/preview.tcl 26 Dec 2009 23:50:53 -0000 1.24 @@ -11,7 +11,7 @@ action:notnull,trim publish_title:notnull,trim {publish_lead {}} - {publish_body:trim ""} + {publish_body:allhtml,trim ""} publish_body.format:notnull {revision_log: ""} text_file:optional @@ -31,22 +31,6 @@ } -validate { - content_html -requires {publish_body publish_body.format} { - # Note: this is the *only* check against disallowed HTML tags in the - # news posting system. Currently, each path for creating or revising - # a news items passes through this preview script, so it's safe. But if - # in the future someone modifies the package to, say, use self-submit forms - # the check will need to be added as a validator for each ad_form call. - if { ${publish_body.format} eq "text/html" || - ${publish_body.format} eq "text/enhanced" } { - set complaint [ad_html_security_check $publish_body] - if { ![empty_string_p $complaint] } { - ad_complain $complaint - return - } - } - } - check_revision_log -requires {action revision_log} { if { ![string match $action "News Item"] && [empty_string_p $revision_log]} { ad_complain "[_ news.lt_You_must_supply_a_rev]" @@ -184,6 +168,12 @@ # close any open HTML tags in any case set publish_body [util_close_html_tags $publish_body] + # Note: this is the *only* check against disallowed HTML tags in the + # news posting system. Currently, each path for creating or revising + # a news items passes through this preview script, so it's safe. But if + # in the future someone modifies the package to, say, use self-submit forms + # the check will need to be added as a validator for each ad_form call. + set errors [ad_html_security_check $publish_body] if { ![empty_string_p $errors] } { ad_return_complaint 1 $errors Index: openacs-4/packages/news/www/admin/revision-add-3.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/news/www/admin/revision-add-3.tcl,v diff -u -N -r1.9 -r1.10 --- openacs-4/packages/news/www/admin/revision-add-3.tcl 26 Dec 2009 23:27:56 -0000 1.9 +++ openacs-4/packages/news/www/admin/revision-add-3.tcl 26 Dec 2009 23:50:53 -0000 1.10 @@ -13,7 +13,7 @@ item_id:integer publish_title:notnull publish_lead - publish_body:notnull,trim + publish_body:allhtml,notnull,trim publish_body.format:notnull revision_log:notnull publish_date_ansi:notnull