Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: 1.0.1 upgrade breaks HTML in welcome text block


Andy Peatling
Keymaster

@apeatling

15 years, 6 months ago

There is an attribute_escape() call added to the content of the widget in 1.0.1, otherwise the widget poses as a potential security threat (unfiltered html).

You can remove the attribute_escape() call on line 42 of bp-core-widgets.php but you might be better off duplicating the widget and creating your own unfiltered version. You should be careful with this though.

Forums

Views

Feeds

Tags

404 activation activity Activity activity stream admin admin bar ajax avatar avatars bbPress blog blogs buddypress Buddypress bug child theme comments css custom directory edit email error facebook fatal error filter forum forums friends group groups header help installation link links login member members menu message Messages multisite navigation notification notifications page pages php plugin plugins post posts privacy private problem profile Profile Fields profiles redirect register registration search sidebar spam template theme themes update upgrade upload URL user username users widget widgets wordpress xprofile
Skip to toolbar