restrict use of tags in organisation name, and disallow JS

Author: michield

public_html/lists/admin/connect.php

@@ -245,6 +245,14 @@ function SaveConfig($item, $value, $editable = 1, $ignore_errors = 0)
 #            }
             //# we only use the image type for the logo
             flushLogoCache();
+            break;
+        default:
+            if (isset($configInfo['allowtags'])) { ## allowtags can be set but empty
+                $value = strip_tags($value,$configInfo['allowtags']);
+            }
+            if (isset($configInfo['allowJS']) && !$configInfo['allowJS']) { ## it needs to be set and false
+                $value = disableJavascript($value);
+            }
     }
     //# reset to default if not set, and required
     if (empty($configInfo['allowempty']) && empty($value)) {

public_html/lists/admin/defaultconfig.php

@@ -88,6 +88,8 @@
         'description' => s('Name of the organisation'),
         'type'        => 'text',
         'allowempty'  => true,
+        'allowtags'   => '<b><i><u><strong><em><h1><h2><h3><h4>',
+        'allowJS'     => false,
         'category'    => 'general',
     ),
 // logo of the organisation