disallow unfiltered html in wp-config.php
-
I saw
define( 'DISALLOW_FILE_EDIT', true );in the wp-config.phpI would like to propose to add this one too:
define( 'DISALLOW_UNFILTERED_HTML', true );ref: https://codex.wordpress.org/Editing_wp-config.php#Disable_unfiltered_HTML_for_all_users
-
-
For anyone looking into this post, this change means that embedding won't work by default. You can always turn it off - https://forum.cloudron.io/topic/3863/iframe-disappearing-from-page-when-saved
-
@JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.
@girish said in disallow unfiltered html in wp-config.php:
@JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.
I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org
Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.
So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.
Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).
-
@girish said in disallow unfiltered html in wp-config.php:
@JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.
I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org
Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.
So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.
Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).
@jdaviescoates fully agree for the Wordpress Developer version
-
@girish said in disallow unfiltered html in wp-config.php:
@JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.
I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org
Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.
So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.
Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).
@jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.
-
@girish said in disallow unfiltered html in wp-config.php:
@JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.
I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org
Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.
So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.
Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).
@jdaviescoates said in disallow unfiltered html in wp-config.php:
I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org
So you think the default should be like default configuration aka official configurationObviously this have a lot of PRO such as you could relay on the WordPress Community for help and the Cloudron community don't have to deal with all these exception.
Also; as girish nicely digged too, it also interfere with the default behavior.
@girish said in disallow unfiltered html in wp-config.php:
For anyone looking into this post, this change means that embedding won't work by default. You can always turn it off - https://forum.cloudron.io/topic/3863/iframe-disappearing-from-page-when-saved
-
@jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.
@girish said in disallow unfiltered html in wp-config.php:
@jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.
do you think it worth it add an option in Cloudron Interface where people would copy and paste snippet for the configuration ?
or to have a tab where we could edit the configuration file and behind git do a differential between every change ?
how this open a door to too much issue.
-
@girish said in disallow unfiltered html in wp-config.php:
@jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.
do you think it worth it add an option in Cloudron Interface where people would copy and paste snippet for the configuration ?
or to have a tab where we could edit the configuration file and behind git do a differential between every change ?
how this open a door to too much issue.
@jodumont I think just having any recommended snippets in the docs would suffice for most, no? Then just copy/paste any you want to use using the File Manager (after making a backup in case it breaks something).
