the tags that are allowed are defined in wp-includes/kses.php
Thread Starter
WhyNot
(@whynot)
Epicalex,
Thank you for answering. If I may, can I pick your brain a bit more, lol:
I see 2 lines:
$allowedposttags = array….
$allowedtags = array …
The first one has millions of tags, so that would be the one that a publishing member could use, right?
Wherea the second line only has a restricted number of tags, so that would be what people commenting can use?
Am it guessing right? Sorry I’m not very good at PHP stuff.
The other question I have is:
Is there any great danger in allowing all tags in comments? Say, for instance, it I copy paste the first line into the second one, giving effectively any commentor access to the entire palette of tags an Admin has (assuming I have understood it right, of course), am I putting myself at some major risk of someone doing something really nasty?
So far, the only tags that are actually a pain (because of SPAM) are the URL tags, and ironically enough they are allowed for commenters. But I am wondering if some of the Admin allowed tags could really screw up the blog if used by a malicious commenter.
bumping this because i’d love to hear any answer to WhyNot’s query. I’ve modified $allowedtags in kses.php so that non-admin commenters can post ONE image. Sorrowfully, if they post any more than one image the whole comment gets stripped! Many of my commentors are pissed because they previously could post as many images as they wanted in Moveable Type. They’d also like to post youtube embed links and can’t within wordpress! WordPress!! why doth you suck!!
sorry.. just frustrated after hours trying to solve this.
Thank you kindly for any support!!!
e
That would be “dost” rather than “doth” (2nd person rather than 3rd). But don’t you think “Why suckest thou?” would sound better in any case?
Anyway, I’m afraid that beyond a pedantic knowledge of archaic English grammar I can’t be of help in this case, although the bump may be of assistance.
