Input Format filtering changes

Submitted by Jeff Schuler on Sun, 02/10/2008 - 01:15.

Susan suggested that the text Input Format options (when posting a blog/comment/etc.) provide more choice than is needed or wanted for the typical user.

I set out to remove the php option, leaving Full HTML and Filtered HTML. No user needs to include inline php code.

When deleting an input format, entries using that format will be changed to the default input type, so before deleting, I searched the database for nodes (entries) that use the php input type:
SELECT title, nid FROM node WHERE format=2;
And, examining each, found that while they included no php, many of them had embed (HTML) tags, divs or other such.

Turns out that the Full HTML option was being filtered as well ~ only certain tags were allowed, so users were using the unfiltered php type to get their tags through. I removed HTML filtering on Full HTML. (Can't hurt, considering folks were already allowed to post unfiltered, using the php format type.)

I ran a command against the database,
UPDATE node SET format=3 WHERE format=2;
to change all nodes that used the php format type to Full HTML, then deleted the php input type.

I added a few tags to allowed list for the Filtered HTML input type, and disabled Full HTML for all users except those listed as Admins or Editors.

If certain tags are disallowed in Filtered HTML that you feel shouldn't be, please drop a comment here.

Admins, use for these settings.

( categories: )