I am trying to create a custom role in a WordPress multisite environment. This role is to have the same capabilities as an admin but also have the ability to commit unfiltered HTML like super admins. I have had success in creating the role and set unfiltered_html to true, but the text editor still strips iframes and other HTML elements. Below is my PHP code for the new role which I have named 'developer'.
    function add_developer()
    {
        // Remove the role if it already exists
        if ( get_role( 'developer' ) ) {
            remove_role( 'developer' );
        }
        // Custom user role for unfiltered_html
        $result = add_role( 'developer', __( 'Developer' ),
            array(
                'read' => true,
                'activate_plugins' => true,
                'delete_others_pages' => true,
                'delete_others_posts' => true,
                'delete_pages' => true,
                'delete_posts' => true,
                'delete_private_pages' => true,
                'delete_private_posts' => true,
                'delete_published_pages' => true,
                'delete_published_posts' => true,
                'edit_dashboard' => true,
                'edit_others_pages' => true,
                'edit_others_posts' => true,
                'edit_pages' => true,
                'edit_posts' => true,
                'edit_private_pages' => true,
                'edit_private_posts' => true,
                'edit_published_pages' => true,
                'edit_published_posts' => true,
                'edit_theme_options' => true,
                'export' => true,
                'import' => true,
                'list_users' => true,
                'manage_categories' => true,
                'manage_links' => true,
                'manage_options' => true,
                'manage_comments' => true,
                'promote_users' => true,
                'publish_pages' => true,
                'publish_posts' => true,
                'read_private_pages' => true,
                'read_private_posts' => true,
                'remove_users' => true,
                'switch_themes' => true,
                'upload_files' => true,
                'unfiltered_html' => true
            )
        );
        // add_role() returns null when the role already exists
        if ( null !== $result ) {
            echo 'Yay! New role created!';
        }
        else {
            echo 'Oh... the developer role already exists.';
        }
    }
I am working in a team to convert a huge website with thousands of pages and would like to avoid giving everyone super admin access. Is there any way that I can avoid the HTML filter for only specific user roles? If not, is there any way to do this for specific users? I would like to avoid altering core and don't mind removing all filtering. I am currently testing this in my functions.php file of my theme but will eventually write a plugin to do this.
I am aware of the security risks that will be present due to users being able to post JavaScript but my team is willing to live with this if we do not have to explicitly give the whole team superadmin access.
Any help is much appreciated!
Asked Oct 13, 2016 at 19:00 by Angelo C

4 Answers
This had me baffled for a while as well. Not exactly a solution for your problem, but this should get you on your way.
    add_action( 'admin_init', 'my_kses_remove_filters' );
    function my_kses_remove_filters() {
        $current_user = wp_get_current_user();
        // Drop the KSES content filters only for administrators
        if ( my_user_has_role( 'administrator', $current_user ) ) {
            kses_remove_filters();
        }
    }
    // Returns true when the given (or current) user holds $role on this site
    function my_user_has_role( $role = '', $user = null ) {
        $user = $user ? new WP_User( $user ) : wp_get_current_user();
        if ( empty( $user->roles ) ) {
            return false;
        }
        return in_array( $role, $user->roles, true );
    }
This action removes the filters for administrators. First it gets the role of the current user and if the role is 'administrator', it removes the filters on editing content.
This solution draws heavily from this page.
I found this code to work for me
    function multisite_restore_unfiltered_html( $caps, $cap, $user_id, ...$args ) {
        if ( 'unfiltered_html' === $cap && ( user_can( $user_id, 'editor' ) || user_can( $user_id, 'administrator' ) ) ) {
            $caps = array( 'unfiltered_html' );
        }
        return $caps;
    }
    add_filter( 'map_meta_cap', 'multisite_restore_unfiltered_html', 1, 4 );
https://gist.github.com/kellenmace/9e6a6fbb92ec75940f23d2a6f01c9b59
Similar to @keetbis, but it didn't work so I modified it to this and it worked:
    add_filter(
        'map_meta_cap',
        function ( $caps, $cap, $user_id ) {
            // Look up the user the capability is being checked for,
            // which is not always the logged-in user.
            $user = get_userdata( $user_id );
            if ( $cap === 'unfiltered_html' && $user && ! empty( $user->roles ) && ( in_array( 'administrator', $user->roles, true ) || in_array( 'editor', $user->roles, true ) ) ) {
                $caps = array( 'unfiltered_html' );
            }
            return $caps;
        },
        10,
        3
    );
Adding an action which calls kses_remove_filters() didn't work for me. I actually had to hack WordPress to achieve this.
The problem is that WordPress has a global override in the method map_meta_cap() in wp-includes/capabilities.php, which ignores the unfiltered_html capability in a multisite install if the user is not a super admin.
Get rid of that override, and you’re sweet. Until you have to update WordPress, of course, and you’ll have to do it all over again.
    case 'unfiltered_html':
        // Disallow unfiltered_html for all users, even admins and super admins.
        if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
            $caps[] = 'do_not_allow';
        // } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
        //     $caps[] = 'do_not_allow';
        } else {
            $caps[] = 'unfiltered_html';
        }
        break;
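A filter-based alternative to editing core, given here as an added example that is not taken from any of the answers: it lifts the multisite restriction only for the question's 'developer' role plus an optional list of user IDs, evaluates the user ID that WordPress passes to the filter, and leaves DISALLOW_UNFILTERED_HTML in force. The function name dev_restore_unfiltered_html and the DEV_UNFILTERED_USER_IDS constant are assumptions made for this example.

```php
<?php
// Added example: plugin file, loaded before 'init'.
// Assumptions: role slug 'developer' (from the question) and the
// hypothetical DEV_UNFILTERED_USER_IDS allowlist constant.
if ( ! defined( 'DEV_UNFILTERED_USER_IDS' ) ) {
    define( 'DEV_UNFILTERED_USER_IDS', array() ); // e.g. array( 12, 57 )
}

function dev_restore_unfiltered_html( $caps, $cap, $user_id ) {
    if ( 'unfiltered_html' !== $cap || ! is_multisite() ) {
        return $caps;
    }
    // Keep the wp-config.php kill switch authoritative.
    if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
        return $caps;
    }
    // Evaluate the user WordPress is asking about, not the logged-in user.
    $user = get_userdata( (int) $user_id );
    if ( ! $user ) {
        return $caps;
    }
    // $user->roles lists the roles held on the current site only.
    if ( in_array( 'developer', (array) $user->roles, true ) ) {
        // Map back to the primitive capability; the role must still grant it.
        return array( 'unfiltered_html' );
    }
    if ( in_array( $user->ID, DEV_UNFILTERED_USER_IDS, true ) ) {
        // 'exist' is held by every user, so this allows the listed IDs
        // regardless of role.
        return array( 'exist' );
    }
    return $caps; // Everyone else keeps core's 'do_not_allow'.
}
add_filter( 'map_meta_cap', 'dev_restore_unfiltered_html', 10, 3 );
```

Because kses_init() calls current_user_can( 'unfiltered_html' ) when the current user is set and again on init, the filter has to be registered when the file loads rather than inside a later hook.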
Tags: plugin development - How to allow Unfiltered HTML in a wordpress multisite install