Skip to:
Content
Pages
Categories
Search
Top
Bottom

1.0.1 upgrade breaks HTML in welcome text block

  • Avatar of Joss Winn
    Joss Winn
    Participant

    @josswinn

    I’ve just upgraded to 1.0.1 and noticed that the welcome text widget no longer displays HTML. Is this intentional? :-( I’m using the default BuddyPress themes with no modifications (and I didn’t upgraded them).

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Avatar of wpmubp.org
    wpmubp
    Participant

    @takuya

    what’s ur link?

    HTML filters are normally managed by KSES not buddypress, but maybe there’s a new function that filters HTML.

    Avatar of Andy Peatling
    Andy Peatling
    Keymaster

    @apeatling

    There is an attribute_escape() call added to the content of the widget in 1.0.1, otherwise the widget poses as a potential security threat (unfiltered html).

    You can remove the attribute_escape() call on line 42 of bp-core-widgets.php but you might be better off duplicating the widget and creating your own unfiltered version. You should be careful with this though.

    Avatar of Joss Winn
    Joss Winn
    Participant

    @josswinn

    Thanks for your quick response, Andy.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.