wordpress multisite unfiltered_html issue

  • #6858
    berd0029
    Participant

    I understand the potential risks, and I’ve decided to give my single site administrators the unfiltered_html permission.

    I’ve assigned it at the network level, and confirmed that my test admin has the permission by checking capabilities for that user on my test blog.

    I’ve created a test page as a super-admin and added things like an iframe and some inline CSS styling in a Gutenberg block. I’ve saved the page as a super-admin and all looks good.

    When my single site admin (who has unfiltered_html permission) updates this page, the iframe and CSS get stripped away.

    I don’t know if there is an issue with the permission not correctly being applied, or if WordPress + Gutenberg is ignoring the permission.

    Any guidance would be greatly appreciated

    #6862
    Vladimir
    Keymaster

    Please confirm that you turned ON the ‘Enable “unfiltered_html” capability’ checkbox at the “Network admin->Settings->User Role Editor->Multisite” tab.

    #6866
    Vladimir
    Keymaster

    I made my own test and confirm – Gutenberg ignores unfiltered_html even with the special option activated, while the classic editor does not. I will investigate if it’s possible to fix this via some WordPress hook.

    #6868
    Vladimir
    Keymaster

    I found the reason why unfiltered_html works fine from the classic editor, but does not from Gutenberg. Fortunately, it belongs not to Gutenberg, but to URE Pro itself. It applied ‘unfiltered_html’ for WordPress admin only, using the is_admin() function. But Gutenberg saves changes via the WP REST API using AJAX. The admin screen is not defined in this case.
    I will include the fix in the next update.
    Quick fix: open user-role-editor-pro/pro/includes/classes/user-role-editor-pro.php, go to line #263 (located inside function allow_unfiltered_html()) and replace this code:

    
    if ( !$multisite || !is_admin() ||          
    

    with

    
    if ( !$multisite ||
    

    to get finally

    
    if ( !$multisite ||
         ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) ) {
        return;
    }
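
Added example, not part of the thread and not URE Pro's code: a diagnostic must-use plugin that logs, on every post save, the request context discussed above (is_admin() versus a REST request) together with whether the saving user holds unfiltered_html and whether the KSES content filter is attached. The file name, log prefix and the "unexpected context" rule are assumptions made for this illustration; the WordPress functions used are core ones.

```php
<?php
/**
 * Plugin Name: unfiltered_html context probe (added example)
 * Drop into wp-content/mu-plugins/ on a TEST network; it only writes to the PHP error log.
 */

add_filter( 'wp_insert_post_data', function ( $data, $postarr ) {
    // Revisions and autosaves go through the same path; skip them to keep the log readable.
    if ( 'revision' === $data['post_type'] ) {
        return $data;
    }

    $context = array(
        'user_id'             => get_current_user_id(),
        'post_id'             => isset( $postarr['ID'] ) ? (int) $postarr['ID'] : 0,
        'is_multisite'        => is_multisite(),
        'is_super_admin'      => is_super_admin(),
        // True for wp-admin screens (classic editor save via post.php).
        'is_admin'            => is_admin(),
        // True when the save arrives through the REST API (Gutenberg).
        'rest_request'        => defined( 'REST_REQUEST' ) && REST_REQUEST,
        'disallow_constant'   => defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML,
        // The capability as WordPress resolves it for this request.
        'can_unfiltered_html' => current_user_can( 'unfiltered_html' ),
        // Whether post content is being passed through KSES in this request.
        'kses_on_content'     => false !== has_filter( 'content_save_pre', 'wp_filter_post_kses' ),
    );

    // Assumption for this example: a non-super-admin holding the capability outside
    // both wp-admin and REST (for instance XML-RPC or front-end code) deserves review.
    $unexpected = $context['can_unfiltered_html']
        && ! $context['is_super_admin']
        && ! $context['is_admin']
        && ! $context['rest_request'];

    error_log(
        ( $unexpected ? '[unfiltered_html probe][REVIEW] ' : '[unfiltered_html probe] ' )
        . wp_json_encode( $context )
    );

    return $data; // Never modify the post; this is read-only diagnostics.
}, 10, 2 );
```

Saving the same page once from the classic editor and once from Gutenberg as the single site admin gives two log lines to compare: a differing `can_unfiltered_html` or `kses_on_content` value between them points at a context check like the one described in the thread.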
    