63 pointsSerious WPMU DEV-sterI'm new here
Kalu Wu
Member
—
14th June 2010 11:28
This is a wired situation, I recently installed a new WP.MU site, and I try to add a HTML code when editing the contact page. First, I switch to HTML mode in page editing, then I copy the code and paste in the content, and update the page. Before I update the page, I have tried to see the visual mode to make sure the form is correct, it did correctly appear on the visual mode. But, after I updated the page, the form broke, and the HTML broke too.
I have tried several time with and without switch to the visual mode, or even disable the visual mode, but it still the problem.
However, other WP or WP.MU site that I created works fine, and do not have this wired problem at all. Don't know what is going on.
This is a wired situation, I recently installed a new WP.MU site, and I try to add a HTML code when editing the contact page. First, I switch to HTML mode in page editing, then I copy the code and paste in the content, and update the page. Before I update the page, I have tried to see the visual mode to make sure the form is correct, it did correctly appear on the visual mode. But, after I updated the page, the form broke, and the HTML broke too.
I have tried several time with and without switch to the visual mode, or even disable the visual mode, but it still the problem.
However, other WP or WP.MU site that I created works fine, and do not have this wired problem at all. Don't know what is going on.
6593 pointsLike some sort of WPMU DEV GodExceptionally helpfulLifetime member
Keeper of the Dark Chocolate
—
14th June 2010 12:05
#
Form codes (along with embeds, javascripts and the like) are stripped from all wpmu input. That's how the software works as it would be a major security risk if it was allowed. If you searched the regular mu forums as well as these, you should see many threads on this topic along with workarounds if you want to bypass the security features. (And become another blogspot)
You can either use the unfiltered html plugin or our additional tags plugin. DO NOT make unfiltered html plugin available to other blogs if your site is open to public signups!
Man, Aaron, thank you so much, I wish I can buy you a dinner or something. I use the unfiltered html plugin, and it becomes normal. But, you said DO NOT make unfiltered html plugin available to other blogs if my site is open to public signups. What does it mean exactly. I am the hosting reseller, and I want to host wpmu site for my clients, if this issue happens again, can I use the unfiltered plugin to solve the issue? I would like to make the assumption that their wpmu Websites should all open to public signups.
You can use something like wpmu Plugin Manager to limit the plugin only to site admin's or specific blogs.
The reason WPMU strips code like that is it would be a huge security risk. Anyone could put code in there to redirect to a virus, steal peoples credentials, and even take down your whole site.
Understood. I have found another good alternative to solve this problem, I just deactivate the unfiltered plugin, and use the shortcode generator instead. It does not work with HTML, but it work with shortcode in visual editing mode. So, I do not have to take the risk to use unfiltered plugin in a public open site, I just use the shortcode.
Is unfiltered-mu plugin part of the install package from premium.wpmudev? I don't remember installing it but it's in my mu-plugins folder. Would you suggest removing it and downloading and activating additional tags? Does additional tags have any security concerns? If I were to take out unfiltered-mu and add in additional tags plugin could it negatively impact previous posts?
@aaron,
Sounds terrific but i'm at a lost in figuring out how to whitelist certain tags and attributes with the additional tags plugin. I can't seem to find that info anywhere. Could you point me in the right direction?
Responses (10)
Keeper of the Dark Chocolate — 14th June 2010 12:05 #
Form codes (along with embeds, javascripts and the like) are stripped from all wpmu input. That's how the software works as it would be a major security risk if it was allowed. If you searched the regular mu forums as well as these, you should see many threads on this topic along with workarounds if you want to bypass the security features. (And become another blogspot)
Member — 14th June 2010 17:02 #
Thanks for the advice. I have posted my problem to the mu.wordpress.org. However, still waiting for my result. -_-!
Lead Developer — 14th June 2010 17:36 #
You can either use the unfiltered html plugin or our additional tags plugin. DO NOT make unfiltered html plugin available to other blogs if your site is open to public signups!
Member — 14th June 2010 21:27 #
Man, Aaron, thank you so much, I wish I can buy you a dinner or something. I use the unfiltered html plugin, and it becomes normal. But, you said DO NOT make unfiltered html plugin available to other blogs if my site is open to public signups. What does it mean exactly. I am the hosting reseller, and I want to host wpmu site for my clients, if this issue happens again, can I use the unfiltered plugin to solve the issue? I would like to make the assumption that their wpmu Websites should all open to public signups.
Lead Developer — 14th June 2010 22:26 #
You can use something like wpmu Plugin Manager to limit the plugin only to site admin's or specific blogs.
The reason WPMU strips code like that is it would be a huge security risk. Anyone could put code in there to redirect to a virus, steal peoples credentials, and even take down your whole site.
Member — 14th June 2010 22:34 #
Understood. I have found another good alternative to solve this problem, I just deactivate the unfiltered plugin, and use the shortcode generator instead. It does not work with HTML, but it work with shortcode in visual editing mode. So, I do not have to take the risk to use unfiltered plugin in a public open site, I just use the shortcode.
Member — 15th June 2010 16:51 #
Is unfiltered-mu plugin part of the install package from premium.wpmudev? I don't remember installing it but it's in my mu-plugins folder. Would you suggest removing it and downloading and activating additional tags? Does additional tags have any security concerns? If I were to take out unfiltered-mu and add in additional tags plugin could it negatively impact previous posts?
Thanks,
Ricky
Lead Developer — 15th June 2010 17:01 #
Unfiltered MU lets anything through. Additional tags just lets you whitelist certain tags and attributes that you feel would be safe on your site, like maybe form fields or flash embed code.
http://wpmu.org/unfiltered-mu-fixed-up-for-wpmu-2-8-4a/
http://wordpress.org/extend/plugins/unfiltered-mu/
Member — 15th June 2010 18:43 #
@aaron,
Sounds terrific but i'm at a lost in figuring out how to whitelist certain tags and attributes with the additional tags plugin. I can't seem to find that info anywhere. Could you point me in the right direction?
Lead Developer — 15th June 2010 18:51 #
I think there is an example in the source of the plugin. You need to be familiar with PHP arrays.
Become a member