Skip to content

Preserve HTML in sitedownmessage when WYSIWYG is active#1

Open
Koalink wants to merge 2471 commits into
tom2tom:mainfrom
Koalink:patch-1
Open

Preserve HTML in sitedownmessage when WYSIWYG is active#1
Koalink wants to merge 2471 commits into
tom2tom:mainfrom
Koalink:patch-1

Conversation

@Koalink
Copy link
Copy Markdown

@Koalink Koalink commented Apr 20, 2026

The sitedownmessage field in Site Preferences used strip_tags() on all submitted values, stripping every HTML tag before saving. Since the field is rendered through a WYSIWYG editor, any formatting (paragraphs, line breaks, bold, links, etc.) was silently discarded, giving the impression that modifications were not persisted.

Only apply strip_tags() when the WYSIWYG toggle is disabled; otherwise store the raw HTML as entered. The empty-after-trim guard is preserved so blank submissions still trigger error_sitedownmessage.

tom2tom added 30 commits February 21, 2026 13:10
@tom2tom
replace deprecated method
e18c046 
simplify db interaction
@tom2tom
add comment
d1624a2
@tom2tom
conform methods' return-value
f91b1dd
@tom2tom
use splat operator
216e36b
@tom2tom
export more functionality
6d823a2
@tom2tom
update API text
b0a5e01
@tom2tom
use cms_siteprefs for caching parameters
8b8e227
@tom2tom
bump version
3db671d
@tom2tom
enhanced design-I/O
abad63a
@tom2tom
correct (C) year
0c456e7
@tom2tom
consolidate image storage
9bd3739
@tom2tom
extra details
b42dc4f
@tom2tom
new & revised strings
8b4f6e8
@tom2tom
extra preferences, permissions,folders
141f1dd
@tom2tom
bump php min-version
4290ec8
@tom2tom
extra details
7c1855b
@tom2tom
revise TMPDIR processing
716d251
@tom2tom
change Smarty version
681c6e0
@tom2tom
improve error handling
ade038d
@tom2tom
default port null instead of 0
bb05727 
improved race-prevention for sequence-tables
@tom2tom
migrate async operations to core
dd1312c
@tom2tom
use hooks to accumulate page header-content and/or footer-content
cec9cfe
@tom2tom
extra detail
6ac5b44
@tom2tom
extra strings
a0fdef1
@tom2tom
extra and corrected strings
6c39555
@tom2tom
corrected strings
77a8747
@tom2tom
corrected and reformatted strings
ac135b2
@tom2tom
omit moved file
b946b9c
@tom2tom
omit string
fadd27c
@tom2tom
new & revised strings
0b30f8a
tom2tom and others added 29 commits April 18, 2026 17:29
@tom2tom
support background-jobs clearance
26859b9
@tom2tom
use renamed field
813c8ec
@tom2tom
housekeeping
9089585
@tom2tom
correct element ids
9462352 
use mutable profile
@tom2tom
use renamed class
0cb18b0 
use user-specific preference methods
@tom2tom
use renamed class
04f97a1
@tom2tom
housekeeping
3d14a17
@tom2tom
re-arrange tabs
0d915c8 
rename elements
@tom2tom
add array type-declarations
50c5e49
@tom2tom
display no. of cached files
4156fc1 
support jobs clearing
not a cached page
@tom2tom
use event-handler type
248209e
@tom2tom
update API text
12dea3f
@tom2tom
ordinary (mutable) class
0560b46 
support usage of all profile-properties
@tom2tom
update licence url
f1f03a2
@tom2tom
rationalise <h/> elements hierarchy
ae8a457
@tom2tom
whitespace
72a24d8
@tom2tom
renamed variables and url-parameters
8898fdf 
use event-handler types
@tom2tom
renamed variables and url-parameters
5fbdd6c 
use event-handler types
@tom2tom
correct label-associations
3d40e32 
add checkbox values
@tom2tom
revise label-associations
d772192
@tom2tom
use event-handler types
23aa8bf
@tom2tom
support jobs-related settings
7376f6f
@tom2tom
by default, enable Smarty caching
1bf0f7c
@tom2tom
support sorting by media-property
ec7f316
@tom2tom
renamed variables
a5e1f61 
show error-dialog
@tom2tom
renamed variables
cd2a85e
@tom2tom
new version
f36dcdd
@tom2tom
omit unused translation
fed518c
@Koalink
Preserve HTML in sitedownmessage when WYSIWYG is active
701674f 
The sitedownmessage field in Site Preferences used strip_tags() on all submitted values, stripping every HTML tag before saving. Since the field is rendered through a WYSIWYG editor, any formatting (paragraphs, line breaks, bold, links, etc.) was silently discarded, giving the impression that modifications were not persisted.

Only apply strip_tags() when the WYSIWYG toggle is disabled; otherwise store the raw HTML as entered. The empty-after-trim guard is preserved so blank submissions still trigger error_sitedownmessage.
@tom2tom
Copy link
Copy Markdown
Owner

tom2tom commented Apr 20, 2026

Thanks, I totally agree with your identification of the problem.
However I think that the solution for that context is to retain any html tags, whether generated by WYSIWYG editor or not.
Instead of stripping tags, IMHO the input should be 'properly' sanitised. (You'll have noticed that in general, CMSMS2 is pathetic at sanitisation.)
See e.g. news_ops::execSpecialize(), UserGuideUtils::cleanContent(). Not cleanValue().
See also
portswigger
owasp
htmLawed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Koalink @tom2tom