HTML Not Allowed in WordPress PHP Hack
Question
I'm now in charge of our church's website that is based on WordPress. I'm trying to figure out these adjustments to the Theme Options.
Basically, HTML is allowed in “Welcome Message” and “Footer,” but if I use it anywhere else it works, until you update again in which case it breaks and the HTML is stripped out. I'd like to figure out how to allow HTML in Event descriptions as well, so that I can place links and not have them stopped out after updating something else in the options.
I'm looking for a little help to understand this PHP file and figure out what is allowing the HTML in one place and not in another.
Theme Options (controls the WordPress Admin Panel where text is added):
<?php
add_action('init','of_options');
if (!function_exists('of_options')) {
function of_options(){
// VARIABLES
$themename = get_theme_data(STYLESHEETPATH . '/style.css');
$themename = $themename['Name'];
$shortname = "fumco";
// Populate OptionsFramework option in array for use in theme
global $of_options;
$of_options = get_option('of_options');
$GLOBALS['template_path'] = get_bloginfo('stylesheet_directory');
//Access the WordPress Categories via an Array
$of_categories = array();
$of_categories_obj = get_categories('hide_empty=0');
foreach ($of_categories_obj as $of_cat) {
$of_categories[$of_cat->cat_ID] = $of_cat->cat_name;}
$categories_tmp = array_unshift($of_categories, "Select a category:");
//Access the WordPress Pages via an Array
$of_pages = array();
$of_pages_obj = get_pages('sort_column=post_parent,menu_order');
foreach ($of_pages_obj as $of_page) {
$of_pages[$of_page->ID] = $of_page->post_name; }
$of_pages_tmp = array_unshift($of_pages, "Select a page:");
// Image Alignment radio box
$options_thumb_align = array("alignleft" => "Left","alignright" => "Right","aligncenter" => "Center");
// Image Links to Options
$options_image_link_to = array("image" => "The Image","post" => "The Post");
//Testing
$options_select = array("one","two","three","four","five");
$options_radio = array("one" => "One","two" => "Two","three" => "Three","four" => "Four","five" => "Five");
//Stylesheets Reader
$alt_stylesheet_path = STYLESHEETPATH . '/styles/';
$alt_stylesheets = array();
if ( is_dir($alt_stylesheet_path) ) {
if ($alt_stylesheet_dir = opendir($alt_stylesheet_path) ) {
while ( ($alt_stylesheet_file = readdir($alt_stylesheet_dir)) !== false ) {
if(stristr($alt_stylesheet_file, ".css") !== false) {
$alt_stylesheets[] = $alt_stylesheet_file;
}
}
}
}
//More Options
$uploads_arr = wp_upload_dir();
$all_uploads_path = $uploads_arr['path'];
$all_uploads = get_option('of_uploads');
$other_entries = array("Select a number:","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19");
$body_repeat = array("no-repeat","repeat-x","repeat-y","repeat");
$body_pos = array("top left","top center","top right","center left","center center","center right","bottom left","bottom center","bottom right");
// Set the Options Array
$options = array();
/* Home page banners set (upto 4 banners with alt, link and target url) */
$options[] = array( "name" => "Home Banners",
"type" => "heading");
$options[] = array( "name" => "Banner Image #1",
"desc" => "Upload the banner image. Banner size should be 980x325 pixels. Leave blank if not required.",
"id" => $shortname."_banner01",
"type" => "upload");
$options[] = array( "name" => "Alternative Text",
"desc" => "Provide alternative text for the banner image. Leave blank if not required.",
"id" => $shortname."_banner01_alt",
"type" => "text");
$options[] = array( "name" => "Link on Banner",
"desc" => "Provide hyperlink url if required.",
"id" => $shortname."_banner01_href",
"type" => "text");
$options[] = array( "name" => "Link Target",
"desc" => "Open link in new window",
"id" => $shortname."_banner01_target",
"type" => "checkbox");
$options[] = array( "name" => "Banner Image #2",
"desc" => "Upload the banner image. Banner size should be 980x325 pixels. Leave blank if not required.",
"id" => $shortname."_banner02",
"type" => "upload");
$options[] = array( "name" => "Alternative Text",
"desc" => "Provide alternative text for the banner image. Leave blank if not required.",
"id" => $shortname."_banner02_alt",
"type" => "text");
$options[] = array( "name" => "Link on Banner",
"desc" => "Provide hyperlink url if required.",
"id" => $shortname."_banner02_href",
"type" => "text");
$options[] = array( "name" => "Link Target",
"desc" => "Open link in new window",
"id" => $shortname."_banner02_target",
"type" => "checkbox");
$options[] = array( "name" => "Banner Image #3",
"desc" => "Upload the banner image. Banner size should be 980x325 pixels. Leave blank if not required.",
"id" => $shortname."_banner03",
"type" => "upload");
$options[] = array( "name" => "Alternative Text",
"desc" => "Provide alternative text for the banner image. Leave blank if not required.",
"id" => $shortname."_banner03_alt",
"type" => "text");
$options[] = array( "name" => "Link on Banner",
"desc" => "Provide hyperlink url if required.",
"id" => $shortname."_banner03_href",
"type" => "text");
$options[] = array( "name" => "Link Target",
"desc" => "Open link in new window",
"id" => $shortname."_banner03_target",
"type" => "checkbox");
$options[] = array( "name" => "Banner Image #4",
"desc" => "Upload the banner image. Banner size should be 980x325 pixels. Leave blank if not required.",
"id" => $shortname."_banner04",
"type" => "upload");
$options[] = array( "name" => "Alternative Text",
"desc" => "Provide alternative text for the banner image. Leave blank if not required.",
"id" => $shortname."_banner04_alt",
"type" => "text");
$options[] = array( "name" => "Link on Banner",
"desc" => "Provide hyperlink url if required.",
"id" => $shortname."_banner04_href",
"type" => "text");
$options[] = array( "name" => "Link Target",
"desc" => "Open link in new window",
"id" => $shortname."_banner04_target",
"type" => "checkbox");
/* Welcome Message */
$options[] = array( "name" => "Welcome Message",
"type" => "heading");
$options[] = array( "name" => "Title",
"desc" => "Enter Title for the welcome text. Use '<span>...</span> tags for highlight in red.",
"id" => $shortname."_welcome_title",
"std" => "<span>Welcome</span> to First United Methodist Chuch of Orlando.",
"type" => "text");
$options[] = array( "name" => "Message",
"desc" => "Enter welcome message. You allowed to use HTML tags to style the message.",
"id" => $shortname."_welcome_message",
"std" => "Come worship and connect with us. We pray that you have a rejuvenating experience. Know that we welcome all seekers of Christ, recognizing that all individuals are unique creations of God. We welcome you – just as you are. <br />Here, there is a place for everyone.<br />“Come and you will see.” - John 1:39",
"type" => "textarea");
/* Worship Time - Add upto 3 worship times */
$options[] = array( "name" => "Worship Times",
"type" => "heading");
$options[] = array( "name" => "Worship Times #1",
"desc" => "Enter title for worship time.",
"id" => $shortname."_worship01_title",
"type" => "text");
$options[] = array( "name" => "Date and Time",
"desc" => "Enter worship date and time here. It will displayed in same manner as you write here.",
"id" => $shortname."_worship01_time",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Worship.",
"id" => $shortname."_worship01_text",
"type" => "text");
$options[] = array( "name" => "Worship Times #2",
"desc" => "Enter title for worship time.",
"id" => $shortname."_worship02_title",
"type" => "text");
$options[] = array( "name" => "Date and Time",
"desc" => "Enter worship date and time here. It will displayed in same manner as you write here.",
"id" => $shortname."_worship02_time",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Worship.",
"id" => $shortname."_worship02_text",
"type" => "text");
$options[] = array( "name" => "Worship Times #3",
"desc" => "Enter title for worship time.",
"id" => $shortname."_worship03_title",
"type" => "text");
$options[] = array( "name" => "Date and Time",
"desc" => "Enter worship date and time here. It will displayed in same manner as you write here.",
"id" => $shortname."_worship03_time",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Worship.",
"id" => $shortname."_worship03_text",
"type" => "text");
/* Upcoming Events - Add upto 3 events */
$options[] = array( "name" => "Upcoming Events",
"type" => "heading");
$options[] = array( "name" => "Event #1",
"desc" => "Enter title for events.",
"id" => $shortname."_event01_title",
"type" => "text");
$options[] = array( "name" => "Sub Heading",
"desc" => "Enter sub heading for the event.",
"id" => $shortname."_event01_subheading",
"std" => "",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Event.",
"id" => $shortname."_event01_text",
"type" => "text");
$options[] = array( "name" => "Event #2",
"desc" => "Enter title for events.",
"id" => $shortname."_event02_title",
"type" => "text");
$options[] = array( "name" => "Sub Heading",
"desc" => "Enter sub heading for the event.",
"id" => $shortname."_event02_subheading",
"std" => "",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Event.",
"id" => $shortname."_event02_text",
"type" => "text");
$options[] = array( "name" => "Event #3",
"desc" => "Enter title for events.",
"id" => $shortname."_event03_title",
"type" => "text");
$options[] = array( "name" => "Sub Heading",
"desc" => "Enter sub heading for the event.",
"id" => $shortname."_event03_subheading",
"std" => "",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Event.",
"id" => $shortname."_event03_text",
"type" => "text");
$options[] = array( "name" => "Event #4",
"desc" => "Enter title for events.",
"id" => $shortname."_event04_title",
"type" => "text");
$options[] = array( "name" => "Sub Heading",
"desc" => "Enter sub heading for the event.",
"id" => $shortname."_event04_subheading",
"std" => "",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Event.",
"id" => $shortname."_event04_text",
"type" => "text");
$options[] = array( "name" => "Event #5",
"desc" => "Enter title for events.",
"id" => $shortname."_event05_title",
"type" => "text");
$options[] = array( "name" => "Sub Heading",
"desc" => "Enter sub heading for the event.",
"id" => $shortname."_event05_subheading",
"std" => "",
"type" => "text");
$options[] = array( "name" => "Description",
"desc" => "Enter 2-3 line description for the Event.",
"id" => $shortname."_event05_text",
"type" => "text");
/* Advertisement / Campaign Banners (displayed on home page and sidebar) */
$options[] = array( "name" => "Campaign Banners",
"type" => "heading");
$options[] = array( "name" => "Campaign Image #1",
"desc" => "Upload the campaign banner image for the home page. Banner size should be 494x168 pixels.",
"id" => $shortname."_campaign01_image",
"type" => "upload");
$options[] = array( "name" => "Campaign Sidebar Image",
"desc" => "Upload the campaign banner image for the sidebar. Banner size should be 307x86 pixels.",
"id" => $shortname."_campaign01_small",
"type" => "upload");
$options[] = array( "name" => "Alternative Text",
"desc" => "Provide alternative text for the campaign image. Leave blank if not required.",
"id" => $shortname."_campaign01_alt",
"type" => "text");
$options[] = array( "name" => "Link on Campaign",
"desc" => "Provide hyperlink url if required.",
"id" => $shortname."_campaign01_href",
"type" => "text");
$options[] = array( "name" => "Link Target",
"desc" => "Open link in new window",
"id" => $shortname."_campaign01_target",
"type" => "checkbox");
$options[] = array( "name" => "Campaign Image #2",
"desc" => "Upload the campaign banner image for the home page. Banner size should be 494x168 pixels.",
"id" => $shortname."_campaign02_image",
"type" => "upload");
$options[] = array( "name" => "Campaign Sidebar Image",
"desc" => "Upload the campaign banner image for the sidebar. Banner size should be 307x86 pixels.",
"id" => $shortname."_campaign02_small",
"type" => "upload");
$options[] = array( "name" => "Alternative Text",
"desc" => "Provide alternative text for the campaign image. Leave blank if not required.",
"id" => $shortname."_campaign02_alt",
"type" => "text");
$options[] = array( "name" => "Link on Campaign",
"desc" => "Provide hyperlink url if required.",
"id" => $shortname."_campaign02_href",
"type" => "text");
$options[] = array( "name" => "Link Target",
"desc" => "Open link in new window",
"id" => $shortname."_campaign02_target",
"type" => "checkbox");
/* Footer address and copyright statement */
$options[] = array( "name" => "Footer Text",
"type" => "heading");
$options[] = array( "name" => "Address",
"desc" => "Enter address which will be displayed in footer. Use HTML tags to format the text.",
"id" => $shortname."_footer_address",
"std" => "<strong>First United Methodist Church of Orlando</strong><br />142 East Jackson Street, Orlando, FL 32801<br />Telephone 407.849.6080 <br />Email: <a href='mailto:Contact@FirstChurchOrlando.org'>Contact@FirstChurchOrlando.org</a>",
"type" => "textarea");
$options[] = array( "name" => "Copyright Text",
"desc" => "Enter copyright text here..",
"id" => $shortname."_footer_copyright",
"std" => "©Copyright2011. First United Methodist Church of Orlando, All right reserved",
"type" => "textarea");
update_option('of_template',$options);
update_option('of_themename',$themename);
update_option('of_shortname',$shortname);
}
}
?>
The HTML inserted DOES NOT work when inserted into the template here:
<ul><?php
for ($i=1; $i<=5; $i++) {
if (get_option('fumco_event0'.$i.'_title')== '') {
// Do nothing
} else {
if (get_option('fumco_event0'.$i.'_title')) {
echo '<li>';
echo '<h3>'.get_option('fumco_event0'.$i.'_title').'</h3>';
echo '<span class="event-datetime">';
if (get_option('fumco_event0'.$i.'_subheading')) {
echo get_option('fumco_event0'.$i.'_subheading');
}
echo '</span>';
if (get_option('fumco_event0'.$i.'_text')) {
echo '<p>'.get_option('fumco_event0'.$i.'_text').'</p>';
}
echo '</li>';
}
}
}
?></ul>
The HTML added DOES work in this spot:
<?php if (get_option('fumco_footer_address')) {
echo get_option('fumco_footer_address');
} else {
echo '<strong>First United Methodist Church of Orlando</strong><br />
142 East Jackson Street, Orlando, FL 32801<br />
Telephone 407.849.6080 <br />
Email: <a href="mailto:Contact@FirstChurchOrlando.org">Contact@FirstChurchOrlando.org</a>';
} ?>
1 answers
solution1
0 2014-02-20 12:27:04
Try changing the type of the events to textarea as shown below:
$options[] = array( "name" => "Event #1",
"desc" => "Enter title for events.",
"id" => $shortname."_event01_title",
"type" => "textarea");
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Wordpress php injection hack
Trying to hack the wordpress jetpack php to allow publicizing of already published posts
Wordpress site backdoor - hack
Wordpress Contact Form 7 hack
WordPress Website Comprimised Hack
WordPress hack attempt
Allowed memory size exhausted in PHP Wordpress
PHP CMS Login Hack
SESSION hack in PHP
echo HTML in PHP in Wordpress
Related Tags