This appears to improve the security of this - [Visual Editor Biography] Review | WordPress.org

lectest1
(@lectest1)

7 years, 3 months ago
Nice, straightforward plugin.

Replacing the public function save_filters() function with the following appears to sanitize the input:
```
public function save_filters() {
		
		// Contributor level user or higher required
		if ( !current_user_can('edit_posts') )
			return;
			
		//disable WordPress sanitization to allow more than just $allowedtags from /wp-includes/kses.php
		remove_filter('pre_user_description', 'wp_filter_kses');
		//add sanitization 
		add_filter( 'pre_user_description', 'wp_filter_post_kses');
	}
```
Credit for the sanitize snippet to: http://badlywired.com/2015/03/allow-html-in-user-description/ (although it may be seen on 1 or 2 other posts/sites).
- This topic was modified 7 years, 3 months ago by lectest1.
- This topic was modified 7 years, 3 months ago by lectest1.

The topic ‘This appears to improve the security of this’ is closed to new replies.

In: Reviews
0 replies
1 participant
Last reply from: lectest1
Last activity: 7 years, 3 months ago