This plugin allows you to include a TinyMCE rich editing box on many of the pages of BuddyPress. I want to be careful about the tags I allow, so I’m whitelisting, which is a bit tedious. As a result, there are only a few buttons available: a, em, strong, ul, ol, li. It’s a start, though.
Seems to work everywhere in BP: forums, wire, messages, profile pages.
A note about TinyMCE: WP ships with TinyMCE, and I thought it made sense to use that version instead of attaching one to this plugin. I think that the path to TinyMCE (line 20 of the plugin) should work on all installations, but you may have to tinker if you don’t see it popping up in the head of your BP pages. Moreover, the language files for WP’s version of TinyMCE are misnamed, which means that they don’t work right out of the box (at least for me they don’t). You may need to change the name of wp-includes/js/tinymce/langs/wp-langs-en.php to en.php in order to get the hover and help text in the TinyMCE box to work.
Download the plugin here. Don’t use in a production environment unless you are very certain that you are satisfied with the security of this plugin!
Update, March 13 2010: I’ve tweaked the plugin so that it should work with ajax status updates in BP 1.2.1+. Download it here, but keep in mind it’s not really an official release – just a stopgap til I can find time to make it work right.
BP TinyMCE has been downloaded 1,560 times. Are you using this plugin? Consider a donation.
See an older comment stream related to this plugin. All future comments should be left on this post.
Version history
- 0.1
- Initial release
- 0.2
- Compatibility with “what’s new” box on group home pages in BP 1.2
- 0.2.1 – – January 7, 2010
- Fixed problem with a target attribute
16 Comments
Hey Boone — been messing around with this trying to get it working consistently on BP1.2. It appears in some places and not in others, which is making my head hurt (and sadly, breaks the Rate Forum Posts plugin, which I really like too).
Any chance you could take some time out of your madcap BP-plugin-releasing schedule to revisit it for 1.2? A lot of us (I’m guessing, it can’t only be me!) would really appreciate it!
stwc (and now I know what it stands for!!) – I have been putting this task off because TinyMCE is such a PITA. I know that people are clamoring for it, though, so I’ll take a swing at updating this bad boy this week. Thanks for your interest.
Thanks! My users would be happy with any toolbar on their textareas, to be honest, not just TinyMCE. It is indeed a PITA, which is why I’ve kind of given up trying to make it work myself!
For those following this discussion: I just posted a zip file of a version that is pretty much working on BP 1.2 bp-default. Haven’t done a lot of testing, so use at your own risk. Not going to put it in the repo until I have time to test, which might be a while.
Whoops, just saw this! Thanks, Boone, going to have a look ASAP.
Hi Boone,
I have been trying to add the IMG tag to the available buttons. I already searched through the comments and event tryed editing the code in the bp-tinymce/bp-tinymce.php file.
I think I understand where the html filter is, but I can’t find a way to remove the img tag from it.
I thought i could do it modifying the A HREF one, as it is a double tag, but, couldnt get it to work.
Could you please indicate what I have to do to enable the IMG tag? Thanks in advance!
Hi Leonardo,
Sure, you can add an IMG tag easily. In bp-tinymce.php, find the long echo statement on line 22 (beginning “TinyMCE.init”). Find the attribute theme_advanced_buttons1 and add “image” to the end, so it reads “bold,italic,bullist,numlist,blockquote,link,unlink,image”. You shouldn’t have to add <img> as a supported tag on the output end, since recent versions of BP already support the display of inline images in activity stream items.
Keep in mind that it will only add an image button, which allows for the embedding of images that have already been uploaded. In other words, people won’t be able to upload images through this interface, at least not right off the bat. I know that there are some image upload plugins for TinyMCE out there, and there’s no reason why they shouldn’t work with this plugin, though I have not tried any of them myself. If you manage to make one of them work, please report back here – I would be very interested in hearing about it!
Boone,
Thanks a lot for the answer. I can’t believe I was so close, and didn’t think of that!
I was adding “img” to the end. If I had seen (as in payed attention) the other tags were full words instead of the tag, and I might have tried that.
I will look into the upload feature, as I think it would be useful. If I do, and I’m successful, will post back about it.
Thanks again, for the plugin and your time.
My pleasure, Leonardo. For future reference, this page lists all the possible entries for the TinyMCE attributes: http://wiki.moxiecode.com/index.php/TinyMCE:Control_reference
Wow! This is great (my users were very happy to see something ‘intuitive’ ). It’d be nice if it showed up for everything on the site, blog comments as well as the BuddyPress stuff :)
Hey Boone,
I’m wondering here about your plugin, had looked at this before after a recomendation. However when you say you are whitelisting what exactly do you mean by that? I’ve integrated jWysiwyg on text areas. It has a low footprint and doesn’t do much damage on that side. As soon as you switch the plugin on, and submit data through any BP area it gets submitted to the DB successfully. All tags allowed. h1 to h6, em, strike through, alignment, underline, bold, hyperlinks, image references and so on. So it’s stored nice and fine. The biggest problem is getting it back from BP / WP in an unfiltered way.
/bp-forums/bp-forums-templatetags.php
Line 847.
return apply_filters( ‘bp_get_the_topic_post_content’, stripslashes( $topic_template->post->post_text ) )
to
return apply_filters( ”, stripslashes( $topic_template->post->post_text ) )
allows output where any calls on bp_the_topic_post_content() are made.
not sure of the entire implications of clearing these filters.
so it seems as though you can use any wysiwyg in WP / BP when submitting data but getting back out is the problem, are there anyways to apply your own filters to these tags without manipulating the core of BP?
thanks
Hi marcella –
Thanks for stopping by. FWIW I think that jwysiwyg is really nice, and when I finally get around to playing with this plugin again, I will definitely ditch tinymce in favor of that.
When I say “whitelist” I mean that I’m defining the tags that can be saved to the db, as well as the tags that can make it through the display filters. You can see how I did this by looking in the plugin files. The tricky part is that the method is inconsistent between different kinds of content – forum content in particular is handled differently.
If you want to remove the core tag filters altogether, you can do so. The method will be slightly different for different kinds of content, but here’s the idea. Go into the filter files, eg bp-activity/bp-activity-filters.php. See how a bunch of filters are being added? Find the ones related to content (ie hooked to bp_get_activity_content). Comment them out one by one until you find the one that is stripping tags (I think it’s the kses one at the top). Once you’ve found it, copy that whole line (starting with add_filter) to your plugins/bp-custom.php file, and change add_action to remove_action.
The implications? I think there are some security issues regarding the possibility of allowing through some malicious javascript or something.
Thanks Boone, that answered pretty much everything.
jWysiwyg is nice as with TinyMCE but seeing as TinyMCE look for licensing now with file upload and whatnot it’s not ideal for a plugin.
There are plenty of work arounds for the new FCK (CK) i think where you can port the previous FCK file upload to the new CK editor. (CK charge for file upload modules).
So if this was not too heavy i’d be inclined to go with CK maybe in the future.
Good thing about jWysiwyg is it’s so lightweight.
Thanks again that insight is invaluable. Will look further into the security implications of removing the filters.
Hi Boone,
Seen your talk on wordpress.tv and reminded me to come back here and follow up the outcomes.
I had manually removed all filters which allowed the raw data to be brought back into the site nicely, all was well. Implemented some remove actions on the functions in question and it worked very well.
For anyones reference really these functions were always located in it’s corresponding -templatetags.php (plugins/buddypress/activity/ – plugins/buddypress /forums/ – plugins/buddypress/whatever/ file in relation to the area you are trying to remove the filter.
Really not hard, although this was the first time i had hooked onto core files like this minus the occasional excerpt hack in functions.php
Thanks again buddeh. :)
Awesome! Glad it worked, marcella.
update works just fine! thanks a lot!
Post a Comment