authorplegall <plg@piwigo.org>2013-05-14 08:05:06 +0000
committerplegall <plg@piwigo.org>2013-05-14 08:05:06 +0000
commit206d9bee4c086316abd1d39a000e9160b86e0db5 (patch)
treec6614ef2bc5de1bc3c761ef11f2024896e8bd7a8 /include/config_default.inc.php
parent348ab67a887a85ccd139000096e1efe699ee8149 (diff)
merge r22660 from branch 2.5 to trunk
feature 2899: ability to allow HTML in EXIF/IPTC (disabled by default) git-svn-id: http://piwigo.org/svn/trunk@22661 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/config_default.inc.php')
-rw-r--r--include/config_default.inc.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 4372e61fe..9f812450b 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -374,6 +374,11 @@ $conf['use_exif_mapping'] = array(
'date_creation' => 'DateTimeOriginal'
);
+// allow_html_in_metadata: in case the origin of the photo is unsecure (user
+// upload), we remove HTML tags to avoid XSS (malicious execution of
+// javascript)
+$conf['allow_html_in_metadata'] = false;
+
// +-----------------------------------------------------------------------+
// | sessions |
// +-----------------------------------------------------------------------+
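Review bot: The comment added above `$conf['allow_html_in_metadata']` describes only the stripping done in the default `false` state and never says what an administrator accepts by setting it to `true`. I would reword it to state both sides, e.g. `// allow_html_in_metadata: when false (default), HTML tags are removed from EXIF/IPTC values, since uploaded photos are untrusted input (XSS).` followed by `// Set to true only if every account able to add photos is trusted: metadata is then displayed with its HTML intact.` The code that reads this flag is outside this hunk, so it is worth confirming there that the `false` path also covers values that end up inside HTML attributes, where removing tags alone may not be enough and the value should be escaped on output.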