Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Is there a way to use wysiwyg-editor at send private message?

+3 votes
349 views
asked Dec 30, 2013 in Plugins by Waterfr Villa
Is there a way to use wysiwyg-editor at send private message?

Would be jus awosom if we could
Q2A version: 1.6.2
commented Jul 28 by JackSiro
I now have that implemented in my q2a site forked to fit my own needs.

1 Answer

+2 votes
answered Dec 30, 2013 by sama55
selected Dec 31, 2013 by Waterfr Villa
 
Best answer

This may not be basic solution. However, It seems to be able to come true by remodeling my plugin and a little core hack.

[Plugin] *-layer.php (Edit 2 place)

WYSIWYG Editor for admin OR CKEditor4 for admin

// if($this->template == 'admin') {
if($this->template == 'admin' || $this->template == 'message') {
...
// if (empty($firstrequest) || $firstrequest != 'admin') return;
if (empty($firstrequest) || ($firstrequest != 'admin' && $firstrequest != 'message')) return;

Plugin settings:

Add "message" to "Name list of TEXTAREA tag" option.

[Core] qa-include/qa-page-message.php (Edit 2 place)

// $messageid=qa_db_message_create($loginuserid, $toaccount['userid'], $inmessage, '', false);
$messageid=qa_db_message_create($loginuserid, $toaccount['userid'], $inmessage, 'html', false);
...
//'value' => qa_html(@$inmessage, $messagesent),
'value' => @$inmessage,

But security-like issue may remain... ?

commented Dec 30, 2013 by Waterfr Villa
Thank you Sama55, I will go home and test it and let you know.
- I am still concerned, why you think that would create security variability?
commented Dec 30, 2013 by sama55
I confirmed that it worked by an upper change definitely. However, input texts are sanitized by qa_html() function. Unexpected code (HTML tag, javascript, etc) may be input by excluding this defense. I do not yet investigate program codes about this things.
commented Dec 31, 2013 by Waterfr Villa
That's great you tested it thanks.
You are right, unexpected codes (HTML tag, javascript, etc) could be an issue here
...