wpmu adaptations
 

hi there.

I have been thinking about using atahualpa on my wpmu installation but before this I would like to know how extensively your changes for wpmu have been, I mean it would be critically if a little loophole escaped your attention.

There is one thing, that I would like to disable: in the backend Atahualpa theme options => HTML/CSS Inserts - this is dangerous, it seems users can insert javascript.

How can I quickly disable this section for my wpmu install?

Besides, in almost any wpmu installation inserting frames, embeds, javascript, php is disabled and forbidden as its a huge security whole giving random users access to these things.

I would very much like to get feedback from the author to see if this theme is really ready for wpmu.

Comment out the whole HTML Inserts section in functions/bfa_theme_options.php starting with // New category: html-inserts at around line 2223 and going up to // New category: Archives page at around line 2276. In functions.php comment out the line
by changing it to

Thx :-) I had half-way foudn that out by myself, was not sure if I missed anything.
besides, is there any other potentially dangerous code in there for a wpmu isntallation where registrations are open for anyone?

btw. where can users of wpmu upload their header images? I can't fidn that function. OR do you have to attach the image headers you want to use to a post or just upload into the media manager?

The upload is different for WPMU users, they'll have to upload through the regular WP editor /media manager and Atahualpa will scan their upload folder for image file names Similar for own logo image: Upload through WP, then set file name at A. Theme Options -> Header -> Show Logo Image?

do you think it would be possible to automatically disable the html/css inserts for a wpmu installation? After the latest update I forgot again to manually disable it...