html disallow is already set to 0

html dissallow = 0 -> html dissallow = no -> html allow = yes -> allow html?

or am I seeing it the wrong way?

i have: $allow_html = 0;

when i try and post a link myself its removed by the script. but the spammers still get their casino links in.

They are probably nesting the link within another HTML tag. You may need to run the user input through the HTML stripping function twine, rather than once. That should catch the ones that slip through.

how would one go about that?

You will need to open up the script that processes the user input(comment) and find the bit that strips HTML tags.

Look for:

if ($allow_html) ...

If you can find that part, post it here and we should be able to get you going.

birdman, thanks for your reply. that line could not be found. perhaps this is the one?

use vars qw($comments);
$comments = process_html($inputs{comments}, $line_breaks, $allow_html);

Yes, that's the one. Now, see if you can find this block of code:

sub process_html {

...
...

}

Post that section and we should be ready to solve the problem.

I imagine this should work, but it will be wise to look at the function to be sure:

$comments = process_html($inputs{comments}, $line_breaks, $allow_html);
$comments = process_html($comments, $line_breaks, $allow_html);

Basically, running your iunput through the processing function a second time.

here it is:

sub process_html {
my ($text, $line_breaks, $allow_html) = @_;

cleanup_html( $text,
$line_breaks,
($allow_html? \%safe_tags : {})
);
}

Wow, the programmer created a function for the sole purpose of calling another function. Not very slick. Anyhow, you need to dig again. This time looking for the function, cleanup_html.

Sorry, troubleshooting can be a hassle sometimes.

dont apologise birdman. much appreciated.

cleanup_html( $text,
$line_breaks,
($allow_html? \%safe_tags : {})
);
}

BEGIN
{
%html_entities = (
'lt' => '<',
'gt' => '>',
'quot' => '"',
'amp' => '&',