Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. WordPress (Developer)
  3. disallow unfiltered html in wp-config.php

disallow unfiltered html in wp-config.php

Scheduled Pinned Locked Moved Solved WordPress (Developer)
11 Posts 6 Posters 2.7k Views 6 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    wrote on last edited by
    #1

    I saw define( 'DISALLOW_FILE_EDIT', true ); in the wp-config.php

    I would like to propose to add this one too:
    define( 'DISALLOW_UNFILTERED_HTML', true );

    ref: https://codex.wordpress.org/Editing_wp-config.php#Disable_unfiltered_HTML_for_all_users

    1 Reply Last reply
    3
    • girishG Do not disturb
      girishG Do not disturb
      girish
      Staff
      wrote on last edited by
      #2

      @JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.

      jdaviescoatesJ 1 Reply Last reply
      2
      • LonkleL Offline
        LonkleL Offline
        Lonkle
        wrote on last edited by
        #3

        I also have this added to mine and think it's a really good idea, personally.

        robiR 1 Reply Last reply
        1
        • girishG Do not disturb
          girishG Do not disturb
          girish
          Staff
          wrote on last edited by
          #4

          For anyone looking into this post, this change means that embedding won't work by default. You can always turn it off - https://forum.cloudron.io/topic/3863/iframe-disappearing-from-page-when-saved

          1 Reply Last reply
          0
          • LonkleL Lonkle

            I also have this added to mine and think it's a really good idea, personally.

            robiR Offline
            robiR Offline
            robi
            wrote on last edited by
            #5

            @lonk except when it isn't.

            Conscious tech

            1 Reply Last reply
            0
            • girishG girish

              @JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.

              jdaviescoatesJ Offline
              jdaviescoatesJ Offline
              jdaviescoates
              wrote on last edited by
              #6

              @girish said in disallow unfiltered html in wp-config.php:

              @JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.

              I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org

              Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.

              So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.

              Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).

              I use Cloudron with Gandi & Hetzner

              imc67I girishG JOduMonTJ 3 Replies Last reply
              2
              • jdaviescoatesJ jdaviescoates

                @girish said in disallow unfiltered html in wp-config.php:

                @JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.

                I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org

                Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.

                So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.

                Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).

                imc67I Online
                imc67I Online
                imc67
                translator
                wrote on last edited by
                #7

                @jdaviescoates fully agree for the Wordpress Developer version

                1 Reply Last reply
                1
                • jdaviescoatesJ jdaviescoates

                  @girish said in disallow unfiltered html in wp-config.php:

                  @JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.

                  I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org

                  Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.

                  So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.

                  Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).

                  girishG Do not disturb
                  girishG Do not disturb
                  girish
                  Staff
                  wrote on last edited by
                  #8

                  @jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.

                  JOduMonTJ 1 Reply Last reply
                  1
                  • jdaviescoatesJ jdaviescoates

                    @girish said in disallow unfiltered html in wp-config.php:

                    @JOduMonT Thanks, this looks like a good idea. I think I will add it to the default install for more security.

                    I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org

                    Developing WordPress on Cloudron should be just like Developing it anywhere else. Makes migrating to Cloudron at lot easier.

                    So, actually, I think define( 'DISALLOW_FILE_EDIT', true ); should be removed from the default too.

                    Personally I think only what comes in the wp-config-sample.php in a clean download from WordPress.org should be included by default (and that other suggestions like these rules should just be added to the docs as suggestions).

                    JOduMonTJ Offline
                    JOduMonTJ Offline
                    JOduMonT
                    wrote on last edited by
                    #9

                    @jdaviescoates said in disallow unfiltered html in wp-config.php:

                    I don't think this should be in the default Developer package. I think the default should be pretty much exactly what you get if you download WordPress from WordPress.org

                    🤔 So you think the default should be like default configuration aka official configuration

                    Obviously this have a lot of PRO such as you could relay on the WordPress Community for help and the Cloudron community don't have to deal with all these exception. 🤓

                    Also; as girish nicely digged too, it also interfere with the default behavior.

                    @girish said in disallow unfiltered html in wp-config.php:

                    For anyone looking into this post, this change means that embedding won't work by default. You can always turn it off - https://forum.cloudron.io/topic/3863/iframe-disappearing-from-page-when-saved

                    1 Reply Last reply
                    1
                    • girishG girish

                      @jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.

                      JOduMonTJ Offline
                      JOduMonTJ Offline
                      JOduMonT
                      wrote on last edited by
                      #10

                      @girish said in disallow unfiltered html in wp-config.php:

                      @jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.

                      do you think it worth it add an option in Cloudron Interface where people would copy and paste snippet for the configuration ?
                      af9a2db2-3089-49c5-9d9f-f8e954874eb2-image.png

                      or to have a tab where we could edit the configuration file and behind git do a differential between every change ?

                      how this open a door to too much issue.

                      jdaviescoatesJ 1 Reply Last reply
                      0
                      • JOduMonTJ JOduMonT

                        @girish said in disallow unfiltered html in wp-config.php:

                        @jdaviescoates I agree with the sentiment. I think if anything I should have added it to the managed edition... I will remove it.

                        do you think it worth it add an option in Cloudron Interface where people would copy and paste snippet for the configuration ?
                        af9a2db2-3089-49c5-9d9f-f8e954874eb2-image.png

                        or to have a tab where we could edit the configuration file and behind git do a differential between every change ?

                        how this open a door to too much issue.

                        jdaviescoatesJ Offline
                        jdaviescoatesJ Offline
                        jdaviescoates
                        wrote on last edited by
                        #11

                        @jodumont I think just having any recommended snippets in the docs would suffice for most, no? Then just copy/paste any you want to use using the File Manager (after making a backup in case it breaks something).

                        I use Cloudron with Gandi & Hetzner

                        1 Reply Last reply
                        1
                        Reply
                        • Reply as topic
                        Log in to reply
                        • Oldest to Newest
                        • Newest to Oldest
                        • Most Votes


                        • Login

                        • Don't have an account? Register

                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search