[wp-trac] [WordPress Trac] #15002: unfiltered_html capability is not observed when set explicitly for role
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 30 21:16:48 UTC 2010
#15002: unfiltered_html capability is not observed when set explicitly for role
-----------------------------+----------------------------------------------
Reporter: phlux0r | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 3.0.1
Severity: normal | Keywords: capability,roles,unfiltered_html
-----------------------------+----------------------------------------------
When the unfiltered_html capability is explicitly set for a user role, WP
does not observe it.
In wp-includes/capabilities.php around line 1021 the code is:
{{{
case 'unfiltered_html':
// Disallow unfiltered_html for all users, even admins and
super admins.
if ( defined('DISALLOW_UNFILTERED_HTML') &&
DISALLOW_UNFILTERED_HTML ) {
$caps[] = 'do_not_allow';
break;
}
// Fall through if not DISALLOW_UNFILTERED_HTML
}}}
My fix is to change it to:
{{{
case 'unfiltered_html':
// Disallow unfiltered_html for all users, even admins and
super admins.
if ( defined('DISALLOW_UNFILTERED_HTML') &&
DISALLOW_UNFILTERED_HTML ) {
$caps[] = 'do_not_allow';
break;
} else { // FIX to observe the unfiltered_html capability
assigned to role
$caps[] = $cap;
break;
}
// Fall through if not DISALLOW_UNFILTERED_HTML
}}}
Cheers, Robert
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15002>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list