"unfiltered_html" or "manage_options" user permissions affected by cloudron?
-
I've been having an issue with a theme (customizing universal CSS/JS) that the theme's support team seems to believe it's because of either a bad plugin or because of "unfiltered_html" or "manage_options" user.
I don't believe it's like to be a plug-in, as I use the theme on multiple wordpress sites (all on Cloudron) and I always experience the same issue regardless of which plug-ins I install.
This is what the theme support told me:
There are mostly one or two permissions you are not enabling in your WordPress called unfiltered_html and manage_options. Most likely from one of your plugins as we only touch that permission to see if a user has it. In the future we might bypass this and do the same as page custom js and css. This might be a wordpress limitation and these permissions need to be checked however. There are some capability plugins out there that allow you to manage this to give the permission to a certain role. Let us know if you have additional questions on this.
I tried the plugin they recommended to make sure these permissions were granted to admin, but no luck.
Curious if anyone would have any leads on this. I'm starting to think it must be a Cloudron thing.
-
@jordanurbs I'd guess a WordPress (Managed) issue. Try WordPress (Developer).
-
@jdaviescoates that would make sense. Thanks. Is there an easy way to go about switching over on Cloudron that wouldn't require WP exports and everything?
-
@jordanurbs said in "unfiltered_html" or "manage_options" user permissions affected by cloudron?:
Is there an easy way to go about switching over on Cloudron that wouldn't require WP exports and everything?
I don't think so, unfortunately.
I've said this before and I'll say it again: IMHO WordPress (Managed) shouldn't exist. It's only role in life seems to be to create problems for people.
-
@jdaviescoates yup that was definitely the problem. I don't disagree with you, but then again I don't know the reasoning behind having two different ones.
Thanks for the tip!
-
I'm sorry for awakening an old thread, but as this subject came up first in my Google search, I thought it would be wise to share a proper solution regarding the unfiltered_html setting in Cloudron's WordPress managed app.
In the WordPress managed app, the unfiltered_html capability is configured in the wp-config.php file :
define('DISALLOW_UNFILTERED_HTML', true);to revert this you can just change this line to the following one:
define('DISALLOW_UNFILTERED_HTML', false);The reason WordPress managed on Cloudron could be a better choice for some use cases, particularly from a security standpoint, is noteworthy. In the managed version, most of the WordPress files are on an immutable partition, meaning they cannot be altered. This greatly lowers the risk of security issues caused by unauthorized changes to the files.
Also, as the WordPress core files are part of the WordPress cloudron app's, they are not included in the Cloudron's backups, making the backups lighter and quicker since only plugins data and customizations are backed up, not the entire WordPress core.
