Slashes added when saving from frontend

This topic is: resolved

This topic contains 5 replies, has 2 voices, and was last updated by  Tareq Hasan 6 years ago.

    #4955

    codynew
    Participant
    Post count: 4

    WP: 3.5.1
    Frontend: 1.2
    ———————–

    Hi

    I have WP User Frontend enabled but when a user modifies and saves their post from the frontend, some slashes get added each time it gets saved.

    So what is originally this…

    The man said “Hi, I am a test post which has been added by the frontend”. It's great!

    Becomes

    The man said \”Hi, I am a test post which has been added by the frontend\”. It\'s great!

    How do I remove the slashes and stop them being added and saved please?

    #4967

    Tareq Hasan
    Keymaster
    Post count: 2831

    It's because of the user level. Some users, like author and editor, have the unfiltered_html capability, which allows them to post without any sanitization/checking.

    For users like contributor and subscriber, WordPress filters those submissions and, as a security measure, they add slashes.

    #4971

    codynew
    Participant
    Post count: 4

    Thanks, does this mean that I could use a plugin like User Role Editor to enable the unfiltered_html?

    Would it actually be safe for me to do so?

    What do you recommend?

    #4992

    Tareq Hasan
    Keymaster
    Post count: 2831

    Yes, you could use a role editor plugin for that.

    Never trust the user

    So just don't take my word. But I suppose you can give the permission.

    #4996

    codynew
    Participant
    Post count: 4

    Thanks, just what IS unfiltered_html?

    I don't really want to expose myself on the website but at the same time, the slashes aren't exactly acceptable 🙁

    #5028

    Tareq Hasan
    Keymaster
    Post count: 2831

    It's a capability that will enable you to post texts without filtering.

    As an example, the quote symbol has something to do with SQL injection and it'll be escaped by adding a forward slash before it. If you have the unfiltered_html capability, it'll not be escaped as you are marked as a trusted user.
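
An added example, not code from the plugin or from either poster: a plain-PHP sketch of how backslashes pile up on every save when escaped form input is stored without removing the escaping first, and how removing one layer before storage keeps the text stable. The function names and sample text are hypothetical, and no WordPress APIs are used.

```php
<?php
// Added illustration in plain PHP; function names and sample text are constructed.

// Simulates a request layer that backslash-escapes quotes in submitted form data.
function escape_request(string $submitted): string {
    return addslashes($submitted);
}

// Buggy save: stores the escaped value as-is, so the backslashes become content.
function save_without_unslash(string $requestValue): string {
    return $requestValue;
}

// Fixed save: removes exactly one layer of escaping before storing.
function save_with_unslash(string $requestValue): string {
    return stripslashes($requestValue);
}

// The user opens the stored text in the edit form and submits it unchanged.
function edit_round_trips(string $stored, callable $save, int $times): string {
    for ($i = 0; $i < $times; $i++) {
        $stored = $save(escape_request($stored));
    }
    return $stored;
}

// Constructed sample input containing both quote types.
$original = 'The man said "Hi". It\'s great!';

$buggy = edit_round_trips($original, 'save_without_unslash', 2);
$fixed = edit_round_trips($original, 'save_with_unslash', 2);

echo "after 2 buggy saves: ", $buggy, "\n";
echo "after 2 fixed saves: ", $fixed, "\n";
echo "fixed text unchanged: ", var_export($fixed === $original, true), "\n";

// Stored text stays raw; quotes and markup are encoded only when rendered as HTML.
echo "rendered: ", htmlspecialchars($fixed, ENT_QUOTES, 'UTF-8'), "\n";
```

Because `addslashes()` also escapes existing backslashes, each extra buggy save increases the number of slashes rather than just repeating them.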


The topic ‘Slashes added when saving from frontend’ is closed to new replies.