Field not conforming to Channel Posting Preferences

[chichilatte]

I noticed if you have an NSM TinyMCE field in your channel, the Channel Posting Preferences setting "Automatically turn URLs and email addresses into links?" is ignored.

Looking at the php code, it looks like all of the posting preferences are ignored, including "Default HTML formatting in channel entries", which could be a serious security issue, right? Any of your [hacked] members could put any XSS in there they like.

Here's a solution. Change line 85 of _ft.nsm_tinymce.php from:

    return $data;

to

    return $this->EE->typography->parse_type(
        $this->EE->functions->encode_ee_tags($data),
        array(
            'text_format'   => $this->row['field_ft_'.$this->field_id],
            'html_format'   => $this->row['channel_html_formatting'],
            'auto_links'    => $this->row['channel_auto_link_urls'],
            'allow_img_url' => $this->row['channel_allow_img_urls']
        )
    );

That bit of code is copied from EE2.1.0 system/expressionengine/fieldtypes/ft.text.php (it may be different for other EE versions!)