I know there are a ton of post out there about how to allow html in profiles. Most of these warn about the security risk of doing so. My thinking is there has to be a way to only allow users to use html for certain users. I tried this but It doesn’t work. I think it’s because you can’t remove a filter from inside a filter. Any help would be awesome.
add_action('edit user profile update', 'nifty_strip_html');
function nifty_strip_html($user_id) {
if ($user_id == 2){
//if user id is 2 then allow html
remove_filter('pre_user_description', 'wp_filter_kses');
}
else{
return; //keep the filtered html
}
}
You can hook on an early action and apply the filter for your use case:
add_action( 'load-profile.php', 'allow_profile_html_wpse_91564' );
function allow_profile_html_wpse_91564()
{
global $current_user;
if( '2' == $current_user->ID )
remove_filter('pre_user_description', 'wp_filter_kses');
}
The hook load-$pagenow
runs in all default admin pages (i.e., not added by a third party), and it’s declared in the file /wp-admin/admin.php
.
$pagenow
is the PHP page running at a given moment. So, to target the page /wp-admin/user-edit.php?user_id=2
, another hook is needed and also another conditional checking:
add_action( 'load-user-edit.php', 'callback_function' );
function allow_user_html_wpse_91564()
{
if( isset( $_REQUEST['user_id'] ) && '2' == $_REQUEST['user_id'] )
remove_filter( 'pre_user_description', 'wp_filter_kses' );
}