Same problem here,
I’ve even tried to modify xprofile_filter_kses directly to add img tag without any success.
Apparently the fields are being filtered more than once.
here’s my modified code
function xprofile_filter_kses( $content, $data_obj = null ) {
global $allowedtags;
$xprofile_allowedtags = $allowedtags;
$xprofile_allowedtags['a']['img']['rel'] = array();
$xprofile_allowedtags = apply_filters( 'xprofile_allowed_tags', $xprofile_allowedtags, $data_obj );
return wp_kses( $content, $xprofile_allowedtags );
}
I made some “progress”
I found this and I can agree that it is still true.
https://buddypress.trac.wordpress.org/ticket/5971
Filtering is inconsistent and sometime happens twice.
I think this should be something to look into somewhat soon.
Anyway here is the minimum you have to do to turn off html filtering.
BUT it makes you website a lot more vulnerable to attacks and errors so use it at your own risk.
Add this code to your child theme function.php
//Unfilter xprofile *risky*
remove_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_kses', 1 );
remove_filter( 'bp_get_the_profile_field_edit_value', 'wp_filter_kses', 1 );
remove_filter( 'xprofile_get_field_data', 'wp_filter_kses', 1 );
remove_filter( 'bp_xprofile_set_field_data_pre_validate', 'xprofile_filter_pre_validate_value_by_field_type', 10, 3 );
remove_filter( 'xprofile_data_value_before_save', 'xprofile_sanitize_data_value_before_save', 1, 4 );
@patrix87,
if you want your users to upload images on their profile, i suggest you to use MediaPress.
@friloo, i’m using this to add an iframe (for soundcloud) on profiles. On profile, i have a field called Soundcloud and members can enter a track ID. This number is given by Souncloud in the “share” code below each sound.
function set_video_field( $field_value ) {
$bp_this_field_name = bp_get_the_profile_field_name();
// field name (case sensitive)
if( $bp_this_field_name == 'Soundcloud' ) {
$field_value = strip_tags( $field_value );
$field_value = '<iframe width="100%" height="300" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/'.$field_value.'&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe>';
}
return $field_value;
}
add_filter( 'bp_get_the_profile_field_value','set_video_field');
The tricky part is related to soundcloud and concern the field_value.
The original embed code looks like this:
<iframe width="100%" height="300" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/198713943&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe>
In this example, it is 198713943
, the rest is hardcoded in the function. The user has only to enter the reference number of the track, not the whole embed code.
Needs probably some tutorial or heavy education 😉
Nah I don’t want a plugin to upload a picture. I just want to autorize the img tag inside fields.
Because most of my users use BF4Stats signature blocks.
and they look like this :
Try the snippet, and modify the field_value
$field_value ='<a href="http://bf4stats.com/pc/APugNamedFreud" rel="nofollow"><img src="http://g.bf4stats.com/'.$field_value.'/pc/APugNamedFreud.png" alt="" border="0"></a>';
I found a more reasonable solution than the original.
simply authorize img tag everywhere.
I’m working on allowing it only for the signature field but that will not be easy
simply add that to your function.php
// Add img tag to wp_kses filter
function gawd_allowed_tags() {
global $allowedtags;
$allowedtags['img'] = array( 'src' => array () );
}
add_action('init', 'gawd_allowed_tags', 10);