Skip to:

Opened 8 years ago

Closed 8 years ago

#1916 closed enhancement (fixed)

Fancy Editor HTML Role Masks

Reported by: netweb Owned by:
Milestone: 2.3 Priority: normal
Severity: normal Version: 2.1
Component: Front-end Keywords:
Cc: jared@…


Only Admin & Editor Roles can embed images using Fancy Editor -> HTML -> 'img' or pasting <img src=....> code directly, Forum Participant, Forum Moderator, Subscriber, Contributor and Author roles cannot.

Attachments (1)

1916.diff (801 bytes) - added by jaredatch 8 years ago.
proof of concept

Download all attachments as: .zip

Change History (9)

#1 @johnjamesjacoby
8 years ago

Interesting. Thanks.

#2 @johnjamesjacoby
8 years ago

  • Milestone changed from 2.1.2 to 2.2

Going to bump this to 2.2. This involves a bit more work than I'd like to do in a point release, and will require diving into a custom kses and capabilities.

#3 @jaredatch
8 years ago

  • Cc jared@… added

I have a feeling this will get the boot to 2.3, but still raises some questions.

Should subscribers/participants be able to post images in the forums? I haven't seen anyone in the forums asking or complaining about this. In fact, I know a few people who are using bbPress who actually like that their forums can't be spammed with images.

Though I admit if *I* was running a forum, I would like for my users to be able to post images.

Would it maybe warrant a checkbox in the bbPress settings? "Allow forum participants to embed images via HTML" or something of that nature. (don't want them to think merely posting a URL will result in the image being embedded).

#4 @johnjamesjacoby
8 years ago

There's an array of possible editor settings we could enable/disable, and ultimately I think it comes down to the use-case of the forums.

The decisions over options approach makes me think this makes more sense to keep hidden, as is, and letting a third party plugin manipulate kses around what works best for forums.

If there's a glaring oversight where bbPress is leaking something it shouldn't be, or restricting something it shouldn't, there's room for debate. I think images is one of those things, since forum attachments tends to be one of the first things people want.

Let's do this:

  • Get it working correctly, using the existing UI and settings style in bbPress.
  • Put up a patch.
  • See what it looks like, and what needs iteration.
  • Look for 'nice to haves' and discuss them here.
  • Iterate on patch, until it's commit worthy.
  • Commit.
  • Make a trac ticket for future enhancements to the fancy editor experience.
  • Work towards those things on that ticket.
  • Repeat.

#5 @johnjamesjacoby
8 years ago

  • Milestone changed from 2.2 to Future Release

For now, using the teeny editor in 3.5 fixes this for us.

Moving to Future Release.

8 years ago

proof of concept

#6 @jaredatch
8 years ago

  • Type changed from defect to enhancement

Attached a proof of concept patch.

Basically I just want to discuss if this is a good method.

By default, we apply kses to all users with who do not have unfiltered HTML privileges.

The patch:

  • adds the img tag to the kses $allowedtags global right before the kses filter is applied to the reply content
  • removes the img tag from kses directly after the the filter is run on reply content.

This would need to be done in multiple locations and would be handled in a much more graceful manner, I just wanted to see what everyone thought before I went more in depth.

#7 @johnjamesjacoby
8 years ago

  • Milestone changed from Future Release to 2.4

This is about what would need to happen, though more cleanly.

We would want our own kses function, to filter/piggy-back on top of WordPress's, and then hook it to the 'bbp_new_reply_pre_content' type filters, to trim out or allow anything in that kses function.

You're on the right track.

#8 @johnjamesjacoby
8 years ago

  • Milestone changed from 2.4 to 2.3
  • Resolution set to fixed
  • Status changed from new to closed

Oddly enough, we can close this now. bbPress has it's own formatting and kses handling, so the ability to modify the allowed tags only for bbPress is in. Moving to 2.3 and closing.

Note: See TracTickets for help on using tickets.