WordPress.org

Ready to get started?Download WordPress

Forums

Enable HTML in term descriptions (7 posts)

  1. rh3sus
    Member
    Posted 4 years ago #

    I have a site that I started building on version 2.8 that relies heavily on custom taxonomies.

    I need to use html in my term descriptions for adding pictures e.t.c.

    In 2.8 I added
    remove_filter( 'pre_term_description', 'wp_filter_kses' );in my functions.php which enabled html in the term descriptions.
    Since upgrading to 2.9 this no longer works, and html is filtered out of the descriptions on display (it is still saved in the editor).

    I have a feeling this may have something to do with

    Add a 'the_terms' filter

    or

    # Filter fields through kses upon display and introduce sanitize_user_object() and sanitize_user_field()

    mentioned in the 2.9 Codex but don't know how I can override this.

    So, does anyone know how I can enable html in term descriptions as of 2.9?

  2. rh3sus
    Member
    Posted 4 years ago #

    The resolution for this can be found in this other thread : http://wordpress.org/support/topic/348400?replies=8

  3. Mark / t31os
    Moderator
    Posted 4 years ago #

    I hope you're sanitizing the input then since you're removing the filter that would normally do that for you.

  4. rh3sus
    Member
    Posted 4 years ago #

    I'm not sure I follow you.
    The way I see it, filling in term/tag descriptions is a higher role level action by default (I forget which exactly but a reasonably high role level is required).
    Therefore in removing this filter, I am stopping filtering of what administrators(/editors) edit in to the term description.
    I'm not really worried about admins SQL injecting ;)

    That was how I thought this worked anyway, please correct me if I am wrong.

  5. Mark / t31os
    Moderator
    Posted 4 years ago #

    Yes, you're not wrong, only higher roles can make use of that field and potentially inject code, but a user reading this thread may not make that connection, so i'm simply pointing it for the sake of clarity should anyone else want to adopt your code for their own uses.

    ;)

  6. rh3sus
    Member
    Posted 4 years ago #

    Ok then, I think your concern is a fair one.

    As I said in the other thread, the best/most secure way to do this would be to add the required html elements into $allowed tags and leaving the filter in place; but this would be lost on each wordpress upgrade. I might consider making a plugin to do this in future but my priority initially was in getting the functionality of the site back.

  7. Mark / t31os
    Moderator
    Posted 4 years ago #

    Totally agree, the allowed tags would be favourable.

    I took a quick peak at kses.php after looking at a few codex pages and noticed the following just above the allowed tags array..

    /**
    	 * Kses global for default allowable HTML tags.
    	 *
    	 * Can be override by using CUSTOM_TAGS constant.
    	 *
    	 * @global array $allowedposttags
    	 * @since 2.0.0
    	 */

    I can't find much documentation relating to the CUSTOM_TAGS constant though, so i'm not sure exactly what the above comments mean when they say override, and how you'd utilise that constant to define your own.

    There's also this, but the documentation doesn't give a clear example of it's use.
    http://codex.wordpress.org/Function_Reference/wp_kses_hook

    function wp_kses_hook($string, $allowed_html, $allowed_protocols) {
    	$string = apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols);
    	return $string;
    }

    No clear idea how it should be used, or how you'd define your own, or additional allowed tags..

    I'm sure if you were to play around with a few filters it would make sense though..

    Not sure if the above interests, or makes much sense to you, but since you mentioned a possible interest in writing a plugin, i thought i'd give you a head start with the above ... :)

Topic Closed

This topic has been closed to new replies.

About this Topic