
PHP-exec or RunPHP for admin only? (7 posts)

  1. Bike
    Member
    Posted 16 years ago #

    There were some old discussions, but no real solutions as far as I could see, so maybe one of you knows:

    I assume that any PHP-exec/RunPHP gets blocked in WPMU (kses.php probably?) to prevent malicious code.

    Is there a way to have this not get blocked for the administrator? I have a my-plugins folder, so I could add these PHP plugins there and they should only work for me, but then still kses.php will eat it?

    Cheers, Bike

  2. Ovidiu
    Member
    Posted 16 years ago #

  3. Bike
    Member
    Posted 16 years ago #

    Hi Ovidiu,
    thanks for the reply, but it does not help much. I already have the my-plugins in place and can add any plugin to be called for the main blog only.

    With testing runPHP, it does appear for blog1 only, I can change options etc. No problem there. But even with visual editor and XHTML check off, MU still eats all code. I assume that it is kses.php.(?)

    Therefore the question is: can I add something that makes kses.php less strict for admin and/or blog1?
    In some posts it was recommended to use an older kses.php version, but I assume that later versions have better overall security, so I do not want to bite myself :)

    Thanks for any help,
    Cheers, Bike

  4. Ovidiu
    Member
    Posted 16 years ago #

    Sorry Bike, I was too quick with my reply. I implied that you were still missing the option to execute PHP.
    Now I understand your real problem; unfortunately I cannot help. Hopefully you'll get another useful answer soon.

  5. andrea_r
    Moderator
    Posted 16 years ago #

    No, I don't think you can add stuff to kses just for 1 blog. Depending on what you ultimately want to do (run PHP in a post), there may be a few other options.

  6. Bike
    Member
    Posted 16 years ago #

    Thanks Andrea,

    in the end I want to be able to run PHP/HTML (but also divs etc.) in the posts & especially pages of the main blog. Also I want to be sure that when I edit a page, I can edit the PHP code, so it should still be there :)

    I am not quite sure about the inner workings of kses.php and if it is needed for more things than security, but if it is not needed if you trust the user (i.e. main blog/admin), could you not wrap an if==admin or something around the entire contents?
    thanks,
    Cheers, Bike

  7. theapparatus
    Member
    Posted 16 years ago #

    No, I don't think you can add stuff to kses just for 1 blog.

    You probably could. Find where the filter gets added in and add in a check to see what blog is being accessed.

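    // Sketch: wrap the existing kses add_filter() call(s) in kses.php in a blog check.
    // Note: this skips filtering for every user posting on blog 1, not only the admin.
    global $blog_id;
    if ($blog_id != 1) {
        add_filter('content_save_pre', 'wp_filter_post_kses'); // e.g. the post-content kses filter
    }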

    or something like that. Mind is mush today.
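
The blog-ID check suggested in the last reply exempts every account that can post on blog 1. The following added example (not code from this thread or from WordPress MU itself) gates the kses filters on both the main blog and the site-admin account instead, so that everyone else stays filtered. It assumes it is loaded as an mu-plugin, uses the hypothetical function names `example_kses_is_trusted` and `example_kses_gate`, and relies on core's `kses_init_filters()` and `kses_remove_filters()` plus WPMU's `is_site_admin()`.

```php
<?php
/*
 * Added example (hypothetical mu-plugin, not code from this thread).
 * Assumes WordPress MU: kses_init_filters() / kses_remove_filters()
 * from kses.php, the global $blog_id, and is_site_admin()
 * (is_super_admin() on current multisite installs).
 */

// Decide whether the current request may save unfiltered content.
// Both conditions must hold: main blog AND a logged-in site admin.
function example_kses_is_trusted() {
    global $blog_id;

    return 1 === (int) $blog_id
        && is_user_logged_in()
        && is_site_admin();
}

// Re-evaluate the kses filters, defaulting to "filtered".
function example_kses_gate() {
    // Clear whatever an earlier hook registered so filters never stack.
    kses_remove_filters();

    if ( ! example_kses_is_trusted() ) {
        // Every other blog and every other user keeps full kses filtering.
        kses_init_filters();
    }
}

// Run after core's own kses_init() (default priority 10) on the same hooks,
// so the decision is refreshed whenever the current user changes.
add_action( 'init', 'example_kses_gate', 20 );
add_action( 'set_current_user', 'example_kses_gate', 20 );
```

With the filters removed for that one account, titles and comments saved by the site admin on blog 1 are unfiltered as well, not only post and page content.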

About this Topic

  • Started 16 years ago by Bike
  • Latest reply from theapparatus