Include code in posts
-
Is there a simple way for ONLY the administrator of the forum to be able to input embedded javascript into posts?
She wants to include some banner ads from other companies, and getting these in the right format is turning into a real headache…..
they are published like this…
but the image plugin only allows .jpg .gif etc.
Could that be disabled only if the ADMIN was posting the entry?
-
There is a plugin to allow the img tag, but you’d need to edit it and add a statement in saying “if admin then allowed_tags = …, else allowed_tags = …”. I’m not sure how easy that would be – anyone else have any clues?
I’d suggest editing the template in bb-templates and adding it in manually, if you really, really want a banner ad.
If you can’t edit the template and have something against the excellent bb-Ads plugin: I can’t help you, because AFAIK there’s no straightforward API function to check what a non-current user can do.
Well this doesn’t adress ads only, the question is more that the admin have more rights (like javascript/html entries) then ‘normal’ users.
Can be done let me think…………….
– You’ll have to enter some new tags in the plugin (allowed tags)
– Then in the template files containing post fields, you could add the tags and make them visible for the admin only with something like: if user can edit;
Now you can use javascript and other tags that you’ve entered and only the admin can see these links/buttons, but every1 can use them though …
So some filter should be added in view.php? like euuhh…
If post is by admin, allow tags x,y,z else print as code...
This way if a user tries to put in some javascript code it will be displayed as code and if the user is admin it will execute/display it.
In theory
Yeah, and that’s where it’s annoying because you can’t easily check if a given user has permissions. Might be worth a trac ticket request.
Possibly easiest would be to attach a filter for the post being submitted, because then you can use the
bb_current_user_can()
function.Trent uses
if (bb_current_user_can('administrate'))
in his YouTube plugin. Couldn’t you mod the allow_images plugin to also allow<script>
tags, but only if the user is an administrator? That would still allow the scripts to do their thing, but only in posts authored by an administrator.Unfortunately, if you’re looking for a way to place ads in posts by any ol’ user, there’s not a safe way to do that b/c they could put ANY script in and have it execute.
Best bet? bb-Ads. Situations just like this are what I wrote it for. You can see it in action at blog.wittmania.com/bbpress
- You must be logged in to reply to this topic.