id and class in div tags in html view for non super admin

  • I’m posting this in multi-site since it only impacts users that are not super-admins. it impacts users that are admins of their sites, therefore leading me to believe this is specific Multisite behavior.

    None of my users with any privileges, going up to administrators on their site can add id or class in html elements in the html view of tinymce. even thought I have this code which I believe allows it:

    function addabitofclass( $tags ) {
    global $allowedposttags;
    foreach( $allowedposttags as $tag => $attr ) {
    $attr[ ‘class’ ] = array();
    $attr[ ‘id’ ] = array();
    $attr[ ‘style’ ] = array();
    $allowedposttags[ $tag ] = $attr;
    }
    return $allowedposttags;
    }
    add_filter( ‘edit_allowedposttags’, ‘addabitofclass’ );

    as a sidenote, what happens is that the element stays there with all the parameters stripped out.

    Is there something that overwrites it for multisite? What can I do to let them use certain params? (I understand why there are restrictions and we don’t want them to have full access to put in script and iframes and the like, but I feel comfortable with my user base giving them these)

    Thank you in advance,

    -S

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Yes, users are more restricted on MultiSite.

    If you REALLY trust your users, look for the Unfiltered HTML plugin. But never, ever, EVER install it on a setup with open registration.

    Thread Starter Stéphane Boisvert

    (@sboisvert)

    Thanks Ipstenu, I might modify this and enable it for my Administrators as the only people who are ever given admin roles are staff. Looking at the code this removes all of kses which is good for them, but if possible I would want to give every user role, the ability to use the id, class and style attributes.
    I would suspect there is a hook for that, I thought it would be edit_allowedposttags but that either has changed or I’m just not getting it.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    No, it’s coded in kses I think. But that plugin would have the info.

    Thread Starter Stéphane Boisvert

    (@sboisvert)

    it uses kses_remove_filters() to give admin and editors the permissions required. So its more the shotgun approach.
    But good news, and for future people searching this, the way I solved it was to have a hook on init create a new list of custom_tags by defining CUSTOM_TAGS, you need to fully replicate all of $allowedposttags,$allowedtags and $allowedentitynames (start with the original list from wp-includes/kses.php ) you’ll see it only loads the built in list if CUSTOM_TAGS is not already defined. and add the parameters you want to the tags you want. You can also vary based on the user role there.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘id and class in div tags in html view for non super admin’ is closed to new replies.

Tags