Issue regarding YouTube and Google videos (36 posts)

  1. ceefour
    Member
    Posted 14 years ago #

    Save the file below as embed_allower.php inside the wp-content/plugins directory of your WordPress or WordPress MU and activate it. Feel free to customize as necessary.

    ----------------------------------

    
    <?php
    /*
     * Plugin Name: Embed Allower
     * Plugin URI: http://hendyirawan.com/
     * Description: Allows embed, object, and other security risks tags. LGPLv3.
     * Version: 1.0
     * Author: Hendy Irawan
     * Author URI: http://hendyirawan.com/
     * */
    
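    // For more info see wp-includes/kses.php
    // $allowedposttags is the global tag/attribute allowlist that kses applies to post content.
    // Declared global so the additions still land there if this file is included inside a function.
    global $allowedposttags;
    if (!CUSTOM_TAGS) {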
    	$allowedposttags['embed'] = array(
    		'style' => array(),
    		'type' => array (),
    		'id' => array (),
    		'height' => array (),
    		'width' => array (),
    		'src' => array (),
    		'object' => array(
    			'height' => array (),
    			'width' => array (),
    			'param' => array (
    				'name' => array (),
    				'value' => array ()
    			)
    		)
    	);
    	$allowedposttags['object'] = array(
    		'height' => array (),
    		'width' => array (),
    		'param' => array (
    			'name' => array (),
    			'value' => array ()
    		),
    		'embed' => array(
    			'style' => array(),
    			'type' => array (),
    			'id' => array (),
    			'height' => array (),
    			'width' => array (),
    			'src' => array ()
    		)
    	);
    }
    
  2. lunabyte
    Member
    Posted 14 years ago #

    Wow. Hello bad security practice.

  3. larysa
    Member
    Posted 13 years ago #

    What are the risks then?

    How bad can it turn out to be?

  4. larysa
    Member
    Posted 13 years ago #

    I've also noticed that when I post on wordpress.com

    and add something like

    ""
    <object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/xPbeFSdsTNg&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/xPbeFSdsTNg&hl=en&fs=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="344"></embed></object>
    ""

    WP automatically updates it to:

    ""
    [youtube=http://www.youtube.com/watch?v=xPbeFSdsTNg&hl=en&fs=1]
    ""

    Any idea what plugin they use?

  5. tdjcbe
    Member
    Posted 13 years ago #

    Something they wrote themselves probably.

  6. larysa
    Member
    Posted 13 years ago #

    The proposed solution is also available on wpmudev.org/project/Allow-Embedded-Videos

    So are there any known issues with the security?

    Cheers!
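
Added example, not part of the thread and not wordpress.com's code: instead of widening the kses allowlist so that `embed`/`object` accept any `src`, this rewrites a pasted YouTube snippet to the `[youtube=...]` shortcode form larysa describes, after validating scheme, host and video ID, and drops every other embed. The `ea_*` names, the YouTube-only host list and the presence of a `[youtube]` shortcode handler on the site are assumptions.

```php
<?php
// Added example (not from the thread). All ea_* names are hypothetical.
const EA_ALLOWED_HOSTS = array('www.youtube.com', 'youtube.com'); // assumption: YouTube only

// Return the 11-character video ID if $url is an http(s) YouTube /v/ URL, else null.
function ea_youtube_id($url) {
    $parts = parse_url(html_entity_decode($url));
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)
        || !in_array(strtolower($parts['host']), EA_ALLOWED_HOSTS, true)) {
        return null;
    }
    // The old player URL appends "&hl=en&fs=1" to the path; only the ID is kept.
    if (!preg_match('#^/v/([A-Za-z0-9_-]{11})(?:&.*)?$#', $parts['path'], $m)) {
        return null;
    }
    return $m[1];
}

// Replace each <object>...</object> or bare <embed> with a shortcode, or drop it.
function ea_embeds_to_shortcodes($html) {
    $pattern = '#<object\b[^>]*>.*?</object>|<embed\b[^>]*>(?:\s*</embed>)?#is';
    return preg_replace_callback($pattern, function ($match) {
        if (preg_match_all('#\b(?:src|value)\s*=\s*(["\'])(.*?)\1#is', $match[0], $attrs)) {
            foreach ($attrs[2] as $candidate) {
                $id = ea_youtube_id($candidate);
                if ($id !== null) {
                    // Emit only the validated ID; every other attribute is discarded.
                    return '[youtube=http://www.youtube.com/watch?v=' . $id . ']';
                }
            }
        }
        return ''; // unrecognised plugin content is removed, not passed through
    }, $html);
}

if (function_exists('add_filter')) {
    // Inside WordPress: save-time content is slashed, and kses runs at priority 10.
    add_filter('content_save_pre', function ($content) {
        return wp_slash(ea_embeds_to_shortcodes(wp_unslash($content)));
    }, 5);
} else {
    // Stand-alone run with constructed input: one YouTube embed, one from another host.
    $ok  = '<embed src="http://www.youtube.com/v/xPbeFSdsTNg&hl=en&fs=1" width="425"></embed>';
    $bad = '<embed src="http://video.example/player.swf" width="425"></embed>';
    echo ea_embeds_to_shortcodes("<p>a</p>$ok<p>b</p>$bad"), "\n";
}
```

The regex match is a convenience, not the security boundary: the default kses allowlist stays in place behind it and still strips any `object` or `embed` markup the pattern misses.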
