Remove ability for mods to use HTML in announcements

[AdminAdmin is verified member.]

Currently is someone is able to hack into one your of moderator accounts they could use it to launch a XSS assack since they could select the option to use HTML in announcements.

To fix this open modcp/announcement.php

Change

print_yes_no_row($vbphrase['allow_html'], 'announcementoptions[allowhtml]', ($announcement['announcementoptions'] & $vbulletin->bf_misc_announcementoptions['allowhtml'] ? 1 : 0));

to

//print_yes_no_row($vbphrase['allow_html'], 'announcementoptions[allowhtml]', ($announcement['announcementoptions'] & $vbulletin->bf_misc_announcementoptions['allowhtml'] ? 1 : 0));

All you are doing is commenting it out. You will need to do this each time you upload a new version of vbulletin.