
HTML in Profile Field again!

  • @friloo

    Participant

    Hello,

    Sorry for my bad English, but I am from Germany.
    I use WordPress 4.1 and Buddypress 2.2.1….

    Now I want to enable HTML for profile fields, because the users want to iframe some Soundcloud players. I know it’s a problem for security, but that’s no problem because only 10 users are allowed to have a profile.

    I’ve tried to enable HTML for these fields this way in the bp-custom.php, but I only get a white site.

    function stuff_i_want_triggered_after_bp_loads(){
    
    remove_filter( 'xprofile_get_field_data', 'wp_filter_kses', 1 );
    
    }
    
    add_action('wp', 'stuff_i_want_triggered_after_bp_loads');

    Any idea what I can try now? I really want to enable HTML.

    kind regards
    friloo

Viewing 7 replies - 1 through 7 (of 7 total)
  • @patrix87

    Participant

    Same problem here,

    I’ve even tried to modify xprofile_filter_kses directly to add img tag without any success.

    Apparently the fields are being filtered more than once.

    here’s my modified code

    function xprofile_filter_kses( $content, $data_obj = null ) {
    	global $allowedtags;
    
    	$xprofile_allowedtags             = $allowedtags;
        $xprofile_allowedtags['a']['img']['rel'] = array();
    
    	$xprofile_allowedtags = apply_filters( 'xprofile_allowed_tags', $xprofile_allowedtags, $data_obj );
    	return wp_kses( $content, $xprofile_allowedtags );
    }
    

    @patrix87

    Participant

    I made some “progress”

    I found this and I can agree that it is still true.
    https://buddypress.trac.wordpress.org/ticket/5971
    Filtering is inconsistent and sometimes happens twice.

    I think this should be something to look into somewhat soon.

    Anyway here is the minimum you have to do to turn off html filtering.

    BUT it makes your website a lot more vulnerable to attacks and errors, so use it at your own risk.

    Add this code to your child theme function.php

    
    //Unfilter xprofile *risky*
    
    remove_filter( 'bp_get_the_profile_field_value',           'xprofile_filter_kses', 1 );
    remove_filter( 'bp_get_the_profile_field_edit_value',      'wp_filter_kses',       1 );
    remove_filter( 'xprofile_get_field_data',                  'wp_filter_kses', 1 );
    remove_filter( 'bp_xprofile_set_field_data_pre_validate',  'xprofile_filter_pre_validate_value_by_field_type', 10, 3 );
    remove_filter( 'xprofile_data_value_before_save',          'xprofile_sanitize_data_value_before_save', 1, 4 );
    
    

    @patrix87

    Participant

    *(updating tags)

    @danbp

    Participant

    @patrix87,

    if you want your users to upload images on their profile, I suggest you use MediaPress.

    @friloo, I’m using this to add an iframe (for Soundcloud) on profiles. On the profile, I have a field called Soundcloud and members can enter a track ID. This number is given by Soundcloud in the “share” code below each sound.

    function set_video_field( $field_value ) {
    	$bp_this_field_name = bp_get_the_profile_field_name();
    	// field name (case sensitive)
    	if( $bp_this_field_name == 'Soundcloud' ) {
    		$field_value = strip_tags( $field_value );
    		$field_value = '<iframe width="100%" height="300" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/'.$field_value.'&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe>';
    	}
    	return $field_value;
    }
    add_filter( 'bp_get_the_profile_field_value','set_video_field');

    The tricky part is related to Soundcloud and concerns the field_value.
    The original embed code looks like this:
    <iframe width="100%" height="300" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/198713943&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe>

    In this example, it is 198713943, the rest is hardcoded in the function. The user has only to enter the reference number of the track, not the whole embed code.

    Needs probably some tutorial or heavy education 😉
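
Added example, not part of the original thread: the same filter with the track ID validated as digits before it is placed in the `src` attribute, since `strip_tags()` alone leaves quotes and `&` in the value. The function names `example_soundcloud_iframe` and `example_set_soundcloud_field` and the sample inputs are assumptions; the block runs stand-alone with PHP or inside WordPress.

```php
<?php
// Added example (hypothetical function names): build the player markup
// only from a validated numeric track ID.

function example_soundcloud_iframe( $raw ) {
	// As in the snippet above, drop any markup and keep the text only.
	$id = trim( strip_tags( (string) $raw ) );

	// Accept digits only. Quotes, spaces or extra parameters could change
	// the src attribute or the player URL, so they are never interpolated.
	if ( ! preg_match( '/\A[0-9]{1,20}\z/', $id ) ) {
		return '';
	}

	$src = 'https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/' . $id
		. '&auto_play=false&hide_related=false&show_comments=true'
		. '&show_user=true&show_reposts=false&visual=true';

	// Escape for the attribute context (& becomes &amp;, quotes are encoded).
	// Inside WordPress, esc_url() is the usual call for this.
	return '<iframe width="100%" height="300" scrolling="no" frameborder="no" src="'
		. htmlspecialchars( $src, ENT_QUOTES, 'UTF-8' ) . '"></iframe>';
}

function example_set_soundcloud_field( $field_value ) {
	// Field name (case sensitive), as in the snippet above.
	if ( bp_get_the_profile_field_name() === 'Soundcloud' ) {
		return example_soundcloud_iframe( $field_value );
	}
	return $field_value;
}

if ( function_exists( 'add_filter' ) ) {
	// Inside WordPress/BuddyPress: register the filter.
	add_filter( 'bp_get_the_profile_field_value', 'example_set_soundcloud_field' );
} else {
	// Stand-alone run with constructed sample inputs.
	$samples = array(
		'198713943',               // plain track ID
		"<p>198713943</p>\n",      // ID wrapped in markup
		'198713943" data-x="1',    // tries to add an attribute
		'12&auto_play=true',       // tries to override a player parameter
	);
	foreach ( $samples as $s ) {
		$out = example_soundcloud_iframe( $s );
		printf( "%-28s => %s\n", json_encode( $s ), $out === '' ? 'rejected' : 'iframe built' );
	}
}
```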

    @patrix87

    Participant

    Nah, I don’t want a plugin to upload a picture. I just want to authorize the img tag inside fields.

    Because most of my users use BF4Stats signature blocks.

    and they look like this :

    @danbp

    Participant

    Try the snippet, and modify the field_value
    $field_value ='<a href="http://bf4stats.com/pc/APugNamedFreud" rel="nofollow"><img src="http://g.bf4stats.com/'.$field_value.'/pc/APugNamedFreud.png" alt="" border="0"></a>';

    @patrix87

    Participant

    I found a more reasonable solution than the original.

    simply authorize img tag everywhere.

    I’m working on allowing it only for the signature field but that will not be easy

    simply add that to your function.php

    // Add img tag to wp_kses filter
    
    function gawd_allowed_tags() {
    	global $allowedtags;
    	$allowedtags['img'] = array( 'src' => array () );
    }
    
    add_action('init', 'gawd_allowed_tags', 10);
    
  • The topic ‘HTML in Profile Field again!’ is closed to new replies.