Link to ToS in Attribute

How can I add a link to my Terms of Service with the new “default attribute” = “Terms of Service”?

Mantis Issue #19003 created a new default attribute requiring users to tick a checkbox that they’ve read our Terms of Service.

The default text for this attribute is

"I agree to the terms of service of <website_domain>".

I would like to change the text of this attribute to:

I agree to the <a href="">OSE Privacy Policy</a>.

But when I try to edit the attribute (“Config” -> “Configure attributes” -> change the contents of the input field next to “Tag Name” -> “Save changes”), my html is stripped from the attribute’s Tag Name :frowning:

Is this a bug? Is there a workaround for this? What have other people done to ensure that they actually provide access to their ToS/PP when mandating that their users agree to it?


Somewhat related, the link is broken to phplist’s Privacy Policy within your Terms & conditions page:

It links to:

1 Like

Thanks for that, corrected link to correct page.

1 Like

fyi, I created a mantis bug about this here:

1 Like

@maltfield, do you have any solution? I can’t see issue #19436 ins Mantis.

Manual says: “Consider adding a required consent checkbox which links to your legal policies” ( but I don’t know how to do this.

@gellert.gyuris my solution is to manually modify the code of my phplist installs :confused:


Edit the file public_html/lists/admin/attributes.php by removing the strip_tags() function from three distinct places:

  1. the code that populates the value="" tag of the input on the page load
  2. the code that UPDATEs existing attributes in the DB
  3. the code that INSERTs new attributes in the DB

More specifically, here’s a diff of the original file and my updated version:

<                     $tables['attribute'], sql_escape(strip_tags($_POST['name'][0])), sql_escape($_POST['type'][0]),
>                     $tables['attribute'], sql_escape($_POST['name'][0]), sql_escape($_POST['type'][0]),
<                     $tables['attribute'], sql_escape(strip_tags($_POST['name'][$id])), sql_escape($_POST['type'][$id]),
>                     $tables['attribute'], sql_escape($_POST['name'][$id]), sql_escape($_POST['type'][$id]),
<   <input type="text" name="name[' .$row['id'].']" value="'.htmlspecialchars(stripslashes(strip_tags($row['name']))).'" size="40" />';
>   <input type="text" name="name[' .$row['id'].']" value="'.htmlspecialchars(stripslashes($row['name'])).'" size="40" />';

After this change, you should be able to set the “Name” of the attribute to include an html <a href="..."> anchor tag that links to your ToS.

I’ve done this on three distinct phpList installs. Note how they all have a checkbox for “I agree to the XYZ Privacy Policy” – where the “Privacy Policy” bit is a hyperlink to the actual privacy policy:

1 Like

@maltfield, tanks for the detailed description. Yes, this workaround works for me too. I think, this is not an official solution :smile:, but works. Thank you very much.

1 Like