Coppermine Photo Gallery v1.5.x: Documentation and Manual

Table of Contents
No translation available

Bbcode

Using bbcode to insert links and special formatting in various description fields.

Bulletin Board Code or BBCode is a lightweight markup language used to format posts in many message boards and similar web-driven applications.

Purpose

The available tags are usually indicated by square brackets surrounding a keyword, and they are parsed by the message board system before being translated into a markup language the web browsers understand — usually HTML or XHTML.

In other words: the bbcode tags allow you to add some formatting to text without granting the visitor access to all HTML commands (which would be a high security risk and therefore is not an option).

Available bbcode tags

Coppermine understands the following bbCodes (the same bbCodes that are used by phpBB, SMF and many other BBS apps) in image and album description fields as well as in comment fields.

Dangers

In cpg1.4.x, the coppermine dev team had to disable the processing of the bbcode tags [url] and [img] with the maintenance release of cpg1.4.21 due to the potential dangers of a Cross-Site Request Forgery attack (CSRF definition). In cpg1.5.x, this danger has been dealt with by adding a form token check to the processing of all forms. This is meant to make sure that a made-up link can't cause an admin-action. However, there is a certain danger that lies in the concept itself to allow the mentioned tags.

More control

There is a much more granular and powerfull control for bbcode available as a separate plugin that doesn't ship with coppermine out of the box. If you need more bbcode tags or if you explicitely need to enable or disable particular tags, take a look at the BBCode Control plugin.