Support » Plugin: Wordfence Security - Firewall & Malware Scan » 403 redirection while trying to post YouTube video

  • Hi everyone,

    Before all, Im using :

    Wordfence v7.1.20
    WP v5.0.2
    A custom theme

    Im facing a really awkward issue.

    Im built a forum with bbPress, and and I add the video/media button to it.
    When some users are trying to post a video, they get a 403 redirection.

    I was able to whitelist this action, but just for me.
    What could I do to whitelist this action for everyone ? Any idea ?
    Cheers,

    Champy.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Support wfdave

    (@wfdave)

    Hi @chaaampy,

    I just did some testing myself, can you try following these steps to whitelist posting videos for everyone?

    1. Go to Wordfence -> All Options
    2. Scroll down until you find Whitelisted URLs
    3. Put /forums/ for the URL (this should be Settings -> Forums -> Forum root)
    4. Select Param Type: POST Body for the dropdown
    5. Put bbp_reply_content for the Param Name
    6. Click Add
    7. Repeat steps 3-6, but put bbp_topic_content for the Param Name
    8. Click Save Changes in the top right corner

    For example: https://i.imgur.com/L3ldyIi.png

    Dave

    Hi Dave,

    Sorry I didn’t get a mail for your reply.
    After following what you said, I don’t get a 403 anymore, but … my iframe is not displayed properly.

    I just get it as some text, so for example :

    1. I put my video in my topic / reply
    2. I get the right previsualisation in the tinyMCE editor
    3. When I post it, I just get the code printed like this <iframe src= »//www.youtube.com/embed/FPE3IuTD_Ck » width= »560″ height= »314″ allowfullscreen= »allowfullscreen »></iframe>, but as a simple text.

    Any idea about that ?
    Cheers,

    Chaaampy.

    Plugin Support wfdave

    (@wfdave)

    Hi again,

    bbPress has a list of allowed tags, can try these steps?

    1. Edit /wp-content/plugins/bbpress/includes/common/formatting.php
    2. Add the following code at the end of the list:

            //iframes
            'iframe'              => array(
                'src'             => true,
                'width'           => true,
                'height'          => true,
                'allowfullscreen' => true
            )

    For example: https://i.imgur.com/hKj7jUa.png

    Remember to add , at the end of ) for the previous block.

    3. Save and test again

    Dave

    Hi Dave,

    Thanks for the answer.
    After following your steps, I tried to post some video again with a classic user account and … I got literally nothing. I mean, nothing is printed, neither code nor text.

    I really don’t understand that issue …

    And btw, that modification will be erased while the next update of bbPress plugin right ?

    Chaaampy.

    Plugin Support wfdave

    (@wfdave)

    Hi again!

    I just finished testing, and I think I found a way to get it working, even when bbPress is updated.

    Please try this out:

    1. Download this script: https://gist.github.com/ntwb/7797990
    2. Save that file as /wp-content/plugins/ntwb_bbpress_custom_kses_allowed_tags.php
    3. Edit that file, and put the same changes we did above ( Example: https://i.imgur.com/rnqr5fd.png )
    4. Edit /wp-includes/kses.php, and add the same thing ( Example: https://i.imgur.com/0eUkTBD.png )
    5. Go to Plugins -> Installed Plugins -> Activate bbPress - Custom KSES Allowed Tags ( Example: https://i.imgur.com/2e0iJL7.png )

    Dave

    Hi Dave !

    Sorry I couldn’t answer you before today.
    Your snippet is working like a charm, you made my day mate !
    Cheers !

    Chaaampy.

    Btw, one of my users just told me that solution didnt work when he was editing one of his own original post on the forums …

    Plugin Support wfdave

    (@wfdave)

    Hi again,

    Let me do some more investigating / testing with this script, and I’ll get back to you when I can! 🙂

    This is no longer caused by Wordfence, as bbPress does filter out HTML posted by regular users. (Wordfence blocks show up as 403, whereas bbPress would remove the HTML code)

    Dave

    Hey Dave !

    Thanks for your support / time.
    Btw Im not sure that this is no longer caused by Wordfence since when I tried (as an admin) to edit my forum message with a video, I were asking to whitelist the action (well that’s what I remember).
    Let me know if you need more information.

    Tony.

    Hi Dave,

    So did you find something ?
    Regards,

    Tony.

    chaaampy

    (@chaaampy)

    Btw I build a custom shortcode to add some spoiler in my bbPress forum, some classic stuff like this :

    // [spoiler] shortcode
    function shortcodeSpoiler($params = array(), $content) {
    
      // default parameters
      extract(shortcode_atts(array(
        'type' => ''
      ), $params));
    
      // create spoiler
      return
        '<button class="btn spoiler-button mt-2 mb-2" type="button" data-toggle="collapse" data-target="#collapseExample" aria-expanded="false" aria-controls="collapseExample"' .
        ($type ? " class=\"$type\"" : '') .
        '>Spoiler</button>
        <div class="collapse spoiler-content mb-2" id="collapseExample">
            <div class="card card-body">
                '. do_shortcode($content) .'
            </div>
        </div>';
    }
    add_shortcode('spoiler', 'shortcodeSpoiler');

    And when I post a YT video into it, I had to whitelist the action again …

Viewing 11 replies - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.