Support » Networking WordPress » Multisite Admins – editing custom HTML, inline SVG or script tag breaks page

  • abhishaahuja

    (@abhishaahuja)


    I have a multisite network website built on Divi theme.

    I’m facing some weird issues with user capabilities. We have some pages created with raw HTML sections, inline SVG and script tags on multisite. When Site Admin edit/save these pages, the page breaks and shows raw code on the page. The page UI breaks completely and looks a mess! But Super Admins have no troubles in adding, editing, saving pages with HTML, inline SVG and script tags.

    I think there is a WP role capability issue here. I have already been in touch with Divi theme support team and ran tests with them. These tests confirmed that this issue exists on WP default theme too. So it does not seem to be related to just one theme.

    While investigating, I have tried to use plugin – ‘User Role Editor’, where I gave users capabilities like – unfiltered_html, edit_files, but this made no difference on the issues I’m facing. The indications seem to be of role capability for Site Admins on multisite, but I fail to understand which capability might be causing this issue. Could there be something else?

    This issue is causing a major trouble to me and site admins. I can’t make all Site Admins – Super Admins. And we have scripts, inline SVG and raw HTML on many pages, which will not be possible to avoid. Hence I seek help within WP community to help me resolve this issue.

    • This topic was modified 5 months ago by James Huff. Reason: moved to Networking WordPress since this is a multisite question

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • I think there is a WP role capability issue here. I have already been in touch with Divi theme support team and ran tests with them. These tests confirmed that this issue exists on WP default theme too. So it does not seem to be related to just one theme.

    Yes, it’s a role capability issue. But that’s by design: it’s a feature, not a bug.

    If you check the WordPress roles and capabilities documentation, it’s clearly stated under “Additional Admin Capabilities” that ONLY Super Admins have the unfiltered_html capability (among others).

    While investigating, I have tried to use plugin – ‘User Role Editor’, where I gave users capabilities like – unfiltered_html, edit_files, but this made no difference on the issues I’m facing. The indications seem to be of role capability for Site Admins on multisite, but I fail to understand which capability might be causing this issue. Could there be something else?

    That just means the plugin is unable to effectively grant these capabilities to the “admin” user role in a multisite environment. Indeed, I just installed the plugin to test, and I see both unfiltered_html and edit_files capabilities marked as “Deprecated” (even though WordPress hasn’t deprecated these capabilities). Here’s a 10-year-old post from the plugin’s author about this and why this feature doesn’t work in a multisite environment: https://shinephp.com/is-unfiltered_html-capability-deprecated/

    This issue is causing a major trouble to me and site admins. I can’t make all Site Admins – Super Admins. And we have scripts, inline SVG and raw HTML on many pages, which will not be possible to avoid. Hence I seek help within WP community to help me resolve this issue.

    Try the “Unfiltered MU” plugin. It’s developed by Automattic, and even though it’s not been updated in 3 years, it still works. https://wordpress.org/plugins/unfiltered-mu/

    Good luck!

    Thread Starter abhishaahuja

    (@abhishaahuja)

    Thanks a lot George! For the detailed explanation. While my trials, I did see the “unfiltered_html” capability as deprecated on the User Role Editor plugin and wondered if it was being used by WP or not. All that makes sense now.

    And thanks for pointing me towards “Unfiltered MU” plugin. I’ve done a few tests and activating the plugin on one of the sites seems to be working for the Admins editing the raw HTML or inline SVG.

    I hope “Unfiltered MU” plugin will continue to work…and will not posses any threats to the site.

    Many thanks again!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.