drrule
Member
Posted 8 months ago #
When an admin (not super admin) is making a post that includes an iframe etc., the code is getting stripped out since the latest update. Any suggestions?
Example...
<script type="text/javascript">
document.write("Hello World!")
</script>
Which should spit out a page that simply says "Hello World!"
is having the tags stripped from it so that instead you get "document.write("Hello World!")"
Something is removing the <script> </script> tags.
This is not an error, this is how Multisite works.
Only the super admin may use unfiltered HTML.
What kind of posts are your users trying to make? If it's embedding, you can add these in as shortcodes or use the built-in ones: http://codex.wordpress.org/Embeds
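The shortcode route suggested in the reply above, sketched as an added example that is not part of the original thread or of WordPress itself: a small plugin lets regular admins embed a player without the unfiltered HTML capability, because the iframe markup is produced by code the super admin controls and the post only carries a validated id. The `podcast` shortcode name, the `spe_` prefix, the host `player.example.com` and its `/embed/` path are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Safe Podcast Embed (added example)
 */

// Hypothetical player host: the only origin this shortcode will ever frame.
define( 'SPE_PLAYER_HOST', 'player.example.com' );

/**
 * Render [podcast id="..."] as an iframe pointing at the fixed host.
 * The post author supplies an episode id only, never markup or a URL.
 */
function spe_podcast_shortcode( $atts ) {
	$atts = shortcode_atts(
		array(
			'id'     => '',
			'height' => 160,
		),
		$atts
	);

	// Strict allowlist: short alphanumeric id. Anything else renders nothing.
	if ( ! preg_match( '/\A[A-Za-z0-9_-]{1,32}\z/', $atts['id'] ) ) {
		return '';
	}

	// Clamp the height so the attribute is always a bounded integer.
	$height = min( 600, max( 80, absint( $atts['height'] ) ) );

	// Scheme, host and path prefix are fixed in code, not taken from the post.
	$src = 'https://' . SPE_PLAYER_HOST . '/embed/' . rawurlencode( $atts['id'] );

	return sprintf(
		'<iframe src="%s" width="100%%" height="%d" frameborder="0" sandbox="allow-scripts allow-same-origin"></iframe>',
		esc_url( $src ),
		$height
	);
}
add_shortcode( 'podcast', 'spe_podcast_shortcode' );
```

Saved under `wp-content/mu-plugins/`, the file loads on every site in the network, and an admin then writes `[podcast id="abc123"]` in the post body.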
drrule
Member
Posted 8 months ago #
Hi, thanks for the reply.
However I have a demo site set up identical to the one I am having trouble with.
3.4.1 a regular admin can add unfiltered html
3.4.2 a regular admin can't.
No plugins for admin controls installed
Yeah, it was actually a pretty major bug in 3.4.1.
drrule
Member
Posted 8 months ago #
The fact that admins could place unfiltered html was a bug?
Yes!
Picture this, please: You have a multisite where anyone can make a site (which is pretty common). EvilDude comes and makes a site, finds out he can insert JS to steal the login cookies of any visitor who runs a blog on the same site. The rogue can then impersonate any of those users and wreak havoc.
And that's the tip of the iceberg.
While we DO have a way around it, I asked 'Why do they need it?' because ... well I wouldn't give my admins that access, and one of them is my dad!
drrule
Member
Posted 8 months ago #
AH, not the dreaded EvilDude! :D
Thanks for the analogy, that helps a lot. Can you tell me how I can allow users to put YouTube videos, podcast HTML in without using a plugin like http://wordpress.org/extend/plugins/unfiltered-mu/ ?
I am sorry I don't get the embed link you sent. Sorry for the slowness here. Could you give me an example that would work?
Thanks!
YouTube... Literally paste the URL in.
Read http://codex.wordpress.org/Embeds - it's the very top part "In a nutshell..." that you want :)
drrule
Member
Posted 8 months ago #
Thanks Mika,
I have all of those settings set up on my site and sub-sites, however when an admin tries to make a post with any HTML in it at all it strips it out, regardless of what my media subpanel is set at for embedding.
For example they were unable to copy and paste other articles that had hyperlinks in them or images that linked to pages outside of their site, as it returned a 404 page.
Another example: when an admin tried to add the embed code for podcaster.com, when he saved the page it stripped the code and the player out completely.
What embed code is he using?
[embed]http://youtube.com/lkjdflshdfsdkdf[/embed]
That's what you use for YouTube. Or just this on a line all its own:
http://youtube.com/lkjdflshdfsdkdf
PodCaster isn't listed here: http://codex.wordpress.org/Embeds#Okay.2C_So_What_Sites_Can_I_Embed_From.3F
So the odds are it's not gonna work unless you w