• Ovidiu

    (@ovidiu)


    looks good, but is the CSS editor safe? Will it filter unsafe stuff from there?

Viewing 8 replies - 1 through 8 (of 8 total)
  • antonshevchuk

    (@antonshevchuk)

    No, I’m not testing the theme under wpmu.
    The CSS editor is unsafe, but without rights you can’t edit any CSS files.

    Thread Starter Ovidiu

    (@ovidiu)

    unfortunately something broke with this post, I can no longer see what plugin/theme this thread was related to 🙁

    so unfortunately I can’t remember what I was looking at when I asked for wpmu compatibility ;-(

    Thread Starter Ovidiu

    (@ovidiu)

    ah, now I saw the constructor tag, it was the constructor theme 😉

    btw. can you give me a hint what lines to comment out to disable the css editor? unfortunately the rights are set so it will work if it's enabled on my wpmu install..

    antonshevchuk

    (@antonshevchuk)

    Open file admin/settings.php and go to line#142

    $modules = array(
                    'themes',
                    'layout',
                    'sidebar',
                    'header',
                    'content',
                    'footer',
                    'colors',
                    'fonts',
                    'css',    // it's CSS editor
                    'images',
                    'slideshow',
                    'export',
                    );

    Thread Starter Ovidiu

    (@ovidiu)

    thx 🙂

    Thread Starter Ovidiu

    (@ovidiu)

    does the footer take only text or can dangerous code be inserted too? aka javascript, php code, etc?

    seeing that the image section allows upload, I think this makes the theme completely unusable with wpmu, as uploads should only be permitted in user owned folders 🙁

    @ovidiu:
    I never use WPMU 🙁
    In the next version I will add special modules for WPMU, please wait for me 🙂

    What modules need to change? Footer (to allow only HTML), Images (to upload files to user folders) and … ?

    Thread Starter Ovidiu

    (@ovidiu)

    basically it's like this:

    in wpmu there are no editors, no theme or plugin editors as changes affect all users. so one user who can insert js code or some malicious php code can crash the whole server.

    Basically html inserts should be fine, as long as they get filtered through kses as usual, as no iframes and embeds are allowed.

    Images are uploaded to the user folder, so you must determine the src.
    usually in a vhost installation, it looks like this: mydomain.com/wp-content/blogs.dir/$Blog_ID/files and each user has his files here: user.mydomain.com/wp-content/blogs.dir/$Blog_ID/files while the Blog_ID is unique for each blog but there is a wp variable for it.

    I hope this helps.
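
The two requirements described in the last post (footer HTML filtered through kses, images stored only in the current blog's upload folder), as an added example that is not part of the thread and not code from the Constructor theme. It assumes it runs inside WordPress; every `example_*` function, option and nonce name is hypothetical.

```php
<?php
// Added example, not Constructor theme code. All example_* names are hypothetical.

// Footer markup goes through kses with an explicit allowlist: tags that are
// not listed (script, iframe, embed, ...) are removed from the saved value.
function example_sanitize_footer( $raw ) {
	$allowed = array(
		'a'      => array( 'href' => true, 'title' => true ),
		'em'     => array(),
		'strong' => array(),
	);
	return wp_kses( wp_unslash( $raw ), $allowed );
}

// Images are stored through wp_handle_upload(), which writes below
// wp_upload_dir(), i.e. the current blog's own files folder on a
// multi-blog install, and is limited here to three image types.
function example_store_image( $file ) {
	require_once ABSPATH . 'wp-admin/includes/file.php';
	$result = wp_handle_upload( $file, array(
		'test_form' => false,
		'mimes'     => array(
			'jpg|jpeg' => 'image/jpeg',
			'png'      => 'image/png',
			'gif'      => 'image/gif',
		),
	) );
	if ( isset( $result['error'] ) ) {
		return new WP_Error( 'example_upload_failed', $result['error'] );
	}
	return $result['url'];
}

// Settings handler: capability check and nonce first, then sanitized saves.
function example_save_settings() {
	if ( ! current_user_can( 'edit_theme_options' ) ) {
		wp_die( 'Not allowed.' );
	}
	check_admin_referer( 'example_theme_settings' );
	if ( isset( $_POST['example_footer'] ) ) {
		update_option( 'example_footer', example_sanitize_footer( $_POST['example_footer'] ) );
	}
	if ( ! empty( $_FILES['example_image']['name'] ) ) {
		$url = example_store_image( $_FILES['example_image'] );
		if ( ! is_wp_error( $url ) ) {
			update_option( 'example_image_url', esc_url_raw( $url ) );
		}
	}
}
```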

  • The topic ‘wpmu compatible?’ is closed to new replies.