[wp-trac] [WordPress Trac] #51093: Custom CSS output runs through the wrong filter for custom user role
WordPress Trac
noreply at wordpress.org
Fri Aug 21 12:15:08 UTC 2020
#51093: Custom CSS output runs through the wrong filter for custom user role
--------------------------+-----------------------------
 Reporter:  kittmedia     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Customize     |    Version:  5.5
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
I added a custom user role, which is able to see the Custom CSS in the
Customizer. As soon as a user with such a role publishes the Customizer
settings, the Custom CSS gets filtered through the wrong filter. This
wasn’t the case in WordPress < 5.5 and is a new issue.
My created user role:
{{{#!php
<?php
function add_custom_role() {
    add_role(
        'custom',
        esc_html__( 'Custom' ),
        array(
            'update_core' => false,
            'update_plugins' => false,
            'update_themes' => false,
            'activate_plugins' => false,
            'edit_plugins' => false,
            'edit_themes' => false,
            'delete_plugins' => false,
            'delete_themes' => false,
            'switch_themes' => false,
            'create_users' => false,
            'edit_users' => false,
            'delete_users' => true,
            'edit_files' => true,
            'edit_theme_options' => true,
            'export' => false,
            'import' => true,
            'list_users' => true,
            'manage_options' => true,
            'remove_users' => true,
            'edit_dashboard' => true,
            'customize' => true,
            'unfiltered_html' => true,
            'delete_others_pages' => true,
            'delete_others_posts' => true,
            'delete_pages' => true,
            'delete_posts' => true,
            'delete_private_pages' => true,
            'delete_private_posts' => true,
            'delete_published_pages' => true,
            'delete_published_posts' => true,
            'edit_others_pages' => true,
            'edit_others_posts' => true,
            'edit_pages' => true,
            'edit_posts' => true,
            'edit_private_pages' => true,
            'edit_private_posts' => true,
            'edit_published_pages' => true,
            'edit_published_posts' => true,
            'manage_categories' => true,
            'moderate_comments' => true,
            'publish_pages' => true,
            'publish_posts' => true,
            'read' => true,
            'read_private_pages' => true,
            'read_private_posts' => true,
            'upload_files' => true,
            'copy_posts' => true,
        )
    );
}
add_action( 'init', 'add_custom_role' );
}}}
Tested CSS:
{{{
body > a {
    color: #fff;
}
}}}
Actual CSS output:
{{{
body <
a {
color: #fff;
}
}}}
The data is stored correctly in the database, so it doesn’t seem to be a
problem during the save function but rather during the output.
Tested with WordPress 5.5 and Twenty Seventeen theme.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51093>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform