Skip to:
Content
Pages
Categories
Search
Top
Bottom

Buddypress’s rich text editor has security issues


  • locker17
    Participant

    @locker17

    4 months, 2 weeks ago

    I ask on the troubleshooting forum for a solution to update the old tinymce version with no answers.

    TinyMce 4.9 which WordPress and Buddypress implements has security issues and probably won’t be updatet anymore. See this: https://core.trac.wordpress.org/ticket/47218

    Would it be possible using the current tiny version from cloud which is 7 by now? This allows admins use the editor further without the danger of beeing hacked. Question to the developers.

    At the moment you can’t because of conflicts when using both versions on the same textarea field.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Renato Alves
    Moderator

    @espellcaste

    4 months ago

    I think Core should fix it first and then BuddyPress would inherit the update. Unlikely we will invest time into it since we plan to move things into the block editor.


    Renato Alves
    Moderator

    @espellcaste

    4 months ago

    Also, the “security issues” as far as the ticket indicates, are not applicable to the version WordPress uses. Meaning that WordPress is updating to the versions without those issues.


    locker17
    Participant

    @locker17

    4 months ago

    Nevertheless using this old editor isn’t a good approach even they are no current security issues. Better would be, let admins easy use any other editor they want.

    To make tinymce 7 work cost me days and sleepless nights. Meanwhile I also found a solution to remove the rich text option and avoid core mods. But I still had to modify kses to prevent WordPress/BP from stripping off my br and p tags afterwards on Tiny 7.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Topic Info

Skip to toolbar