Link to ToS in Attribute

maltfield · September 19, 2018, 2:23am

How can I add a link to my Terms of Service with the new “default attribute” = “Terms of Service”?

Mantis Issue #19003 created a new default attribute requiring users to tick a checkbox that they’ve read our Terms of Service.

The default text for this attribute is

"I agree to the terms of service of <website_domain>".

I would like to change the text of this attribute to:

I agree to the <a href="https://wiki.opensourceecology.org/wiki/Open_Source_Ecology:Privacy_policy">OSE Privacy Policy</a>.

But when I try to edit the attribute (“Config” -> “Configure attributes” -> change the contents of the input field next to “Tag Name” -> “Save changes”), my html is stripped from the attribute’s Tag Name

Is this a bug? Is there a workaround for this? What have other people done to ensure that they actually provide access to their ToS/PP when mandating that their users agree to it?

Cheers,
Michael

maltfield · September 19, 2018, 2:28am

Somewhat related, the link is broken to phplist’s Privacy Policy within your Terms & conditions page:

https://www.phplist.org/terms-conditions/

It links to:

https://www.phplist.orghttps//www.phplist.org/privacy-policy/-policy/

Dragonrider · September 19, 2018, 7:48am

Thanks for that, corrected link to correct page.

maltfield · October 2, 2018, 2:17am

fyi, I created a mantis bug about this here:

https://mantis.phplist.org/view.php?id=19436

gellert.gyuris · November 17, 2020, 12:24pm

@maltfield, do you have any solution? I can’t see issue #19436 ins Mantis.

Manual says: “Consider adding a required consent checkbox which links to your legal policies” (https://www.phplist.org/manual/books/phplist-manual/page/gdpr) but I don’t know how to do this.

maltfield · November 29, 2020, 8:46am

@gellert.gyuris my solution is to manually modify the code of my phplist installs

public_html/lists/admin/attributes.php

Edit the file public_html/lists/admin/attributes.php by removing the strip_tags() function from three distinct places:

the code that populates the value="" tag of the input on the page load
the code that UPDATEs existing attributes in the DB
the code that INSERTs new attributes in the DB

More specifically, here’s a diff of the original file and my updated version:

<                     $tables['attribute'], sql_escape(strip_tags($_POST['name'][0])), sql_escape($_POST['type'][0]),
---
>                     $tables['attribute'], sql_escape($_POST['name'][0]), sql_escape($_POST['type'][0]),
162c162
<                     $tables['attribute'], sql_escape(strip_tags($_POST['name'][$id])), sql_escape($_POST['type'][$id]),
---
>                     $tables['attribute'], sql_escape($_POST['name'][$id]), sql_escape($_POST['type'][$id]),
375c375
<   <input type="text" name="name[' .$row['id'].']" value="'.htmlspecialchars(stripslashes(strip_tags($row['name']))).'" size="40" />';
---
>   <input type="text" name="name[' .$row['id'].']" value="'.htmlspecialchars(stripslashes($row['name'])).'" size="40" />';

After this change, you should be able to set the “Name” of the attribute to include an html <a href="..."> anchor tag that links to your ToS.

I’ve done this on three distinct phpList installs. Note how they all have a checkbox for “I agree to the XYZ Privacy Policy” – where the “Privacy Policy” bit is a hyperlink to the actual privacy policy:

gellert.gyuris · November 30, 2020, 12:16pm

@maltfield, tanks for the detailed description. Yes, this workaround works for me too. I think, this is not an official solution , but works. Thank you very much.