[wp-trac] [WordPress Trac] #20488: DISALLOW_UNFILTERED_HTML improperly controls file edit/modifications
WordPress Trac
wp-trac at lists.automattic.com
Thu Apr 19 05:48:15 UTC 2012
#20488: DISALLOW_UNFILTERED_HTML improperly controls file edit/modifications
-----------------------------+-----------------------------------
 Reporter:  nacin            |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  3.4
Component:  Role/Capability  |    Version:
 Severity:  normal           |   Keywords:  has-patch 2nd-opinion
-----------------------------+-----------------------------------

Apparently DISALLOW_UNFILTERED_HTML is not often used, as doing so also
accidentally sets various other capabilities to do_not_allow: edit_,
install_, update_, and delete_ plugins and themes, and update_core.

On one hand, it could be inferred that disallowing HTML also means you
want to disallow access to install or modify code. I would agree. However,
update_core should be excluded from this inference.

Attached is a unit test (the constant does not break any other tests, so
it appears) and a patch. If we decide that only update_core should be
excluded, the patch will be a bit simpler.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/20488>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software