Plugin Author
Jason
(@themeblvd)
Hello,
I’ve actually been using this plugin awhile on my own support forums. So, I’ve seen some of the odd issues you’re trying to describe, as well. I’m trying to tackle some of them. It’s just very difficult with the way bbPress sanitizes the content of topics and posts.
Would you be able to give me some more specific examples of things you’re doing that aren’t working? Also, for any examples you give, make sure to let me know if you’re doing them in pre or code tags.
Here’s one main thing I’ve noticed that plays a big role:
1) If a normal non-moderator user posts anything with > or < that is not part of a standard HTML tag (like maybe in a PHP code snippet) it will get changed in the HTML special character conversion like & g t ; (without spaces)
Yup seems like it.
In my tests I can post PHP just fine, Simple PHP that is.
Like –
<?php echo "something"; ?>
If there are a bunch of if() and foreach() it gets confused and shows either half the PHP or strips it out. And it only kinda works for admin users. Normal users get the code stripped out from what I’ve seen.
HTML doesn’t work at all. Or at least something like this doesn’t –
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="729" height="90" id="SOMENAME">
<param name="movie" value="%image%">
<param name="quality" value="high">
<embed src="%image%" quality="high" width="729" height="90" name="SOMENAME" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>
</object>
This exact bit works fine with Codecolorer (other plugin) on WP pages though.
I encourage everyone to use <pre>. But I’ve tested with both after I got some complaints. <code> and <pre> yield the same results on both admin and user accounts.
Ultimately the plugin is fairly useless as it is now. Unfortunately.
Perhaps you can save the day 😉
Plugin Author
Jason
(@themeblvd)
Thanks for bearing with me on this one. This is such a tricky plugin to code for bbPress. Try out v1.0.3 of this plugin, and let me know if you’re still having problems.
I would imagine it’s still not perfect. So, feel free to let me know if you come across any other odd things. And as always, any specific examples where you’re running into issues are really helpful.
Hahaaa! You fixed it!
http://www.adrotateplugin.com/support/forums/topic/test-post/
Check it out – Me with Avatar = admin, without avatar = regular user.
Plugin Author
Jason
(@themeblvd)
Perfect. The trick to bypass WP’s kses and stripping of the HTML tags without removing any security-related things was to apply htmlspecialchars() to all content between pre and code tags before saving each topic and reply. So if you ever switch to some other plugin that uses some sort of code formatting on the topics/replies after they’re displayed (as I was trying to do before), there might be some issues, but I’m not sure how else this could have been done.
I cross fingers for WP 3.6 then. Which is said to change a bunch of stuff in that department in core. But thanks for the effort!
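The fix described in this thread (escaping everything between pre and code tags before the post is saved, so kses only ever sees inert text there) could look like the sketch below. It is an added example, not part of the thread and not the plugin's actual code: the function name and the filter priority are assumptions, and the sample input is constructed.

```php
<?php
// Added illustration; example_escape_code_blocks() is a hypothetical name.

/**
 * Escape the body of every <pre>...</pre> and <code>...</code> pair so that
 * snippets are stored as plain text. The wrapper tags and everything outside
 * them are left untouched, so kses still filters them as usual.
 */
function example_escape_code_blocks( $content ) {
    $out = preg_replace_callback(
        // 1 = opening tag, 2 = tag name, 3 = snippet body, 4 = closing tag.
        '#(<(pre|code)\b[^>]*>)(.*?)(</\2>)#is',
        function ( $m ) {
            // double_encode = false: saving an edited post again must not
            // turn an already stored &lt; into &amp;lt;.
            $body = htmlspecialchars( $m[3], ENT_QUOTES, 'UTF-8', false );
            return $m[1] . $body . $m[4];
        },
        $content
    );

    // On a regex failure hand back the original content: it is then simply
    // not escaped here and still passes through kses afterwards.
    return null === $out ? $content : $out;
}

// Limitations of this sketch: an unclosed <pre> or <code> is not matched and
// is left to kses; in <pre><code>...</code></pre> the inner <code> tags are
// escaped too and will display literally.

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress with bbPress: run on new and edited topics/replies.
    // Priority 5 is an assumption, chosen to run ahead of later filtering.
    foreach ( array( 'bbp_new_topic_pre_content', 'bbp_new_reply_pre_content',
        'bbp_edit_topic_pre_content', 'bbp_edit_reply_pre_content' ) as $hook ) {
        add_filter( $hook, 'example_escape_code_blocks', 5 );
    }
} elseif ( PHP_SAPI === 'cli' ) {
    // Constructed sample: a regular user's reply containing PHP and HTML.
    $sample = 'Try this: <pre><?php if ( $a > 1 && $b < 2 ) { '
        . 'echo "<b>x</b>"; } ?></pre> Thanks!';
    echo example_escape_code_blocks( $sample ), "\n";
}
```

Because the escaped text is what gets stored, anything that later reads the saved post and expects raw markup inside pre or code tags will see entities instead, which is the trade-off mentioned in the thread.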