author | plegall <plg@piwigo.org> | 2013-05-14 08:04:33 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2013-05-14 08:04:33 +0000 |
commit | 68c0ce65118669e70eb47e46e553ddcd4c48de53 (patch) | |
tree | 6702edf758cceef28d0f4e04ce7606cadd34fda6 /include/config_default.inc.php | |
parent | 509117aeb98927fafeba1632bfa1e0d6249bdad2 (diff) |
feature 2899: ability to allow HTML in EXIF/IPTC (disabled by default)
git-svn-id: http://piwigo.org/svn/branches/2.5@22660 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/config_default.inc.php')
-rw-r--r-- | include/config_default.inc.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 2a9ea1cad..8af8e256f 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -374,6 +374,11 @@ $conf['use_exif_mapping'] = array(
 'date_creation' => 'DateTimeOriginal'
 );
 
+// allow_html_in_metadata: in case the origin of the photo is unsecure (user
+// upload), we remove HTML tags to avoid XSS (malicious execution of
+// javascript)
+$conf['allow_html_in_metadata'] = false;
+
 // +-----------------------------------------------------------------------+
 // | sessions | 
 // +-----------------------------------------------------------------------+ |
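Review bot: The comment above `$conf['allow_html_in_metadata']` explains why tags are removed but never says what setting the flag to true does, so an administrator reading this file cannot tell that enabling it lets HTML from EXIF/IPTC fields through to the page. EXIF/IPTC content is written by whoever produced the image file, not only by the account that uploads it, so a photo obtained from a third party and uploaded by a trusted user still carries untrusted markup. I would reword it along the lines of `// allow_html_in_metadata: when false (default), HTML tags are removed from EXIF/IPTC values to avoid XSS. Set to true only if every photo, and the metadata inside it, comes from a trusted source.` The code that reads this setting is outside this diff (the diffstat is limited to this file), so how and where the tags are removed cannot be checked here.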