[wp-trac] [WordPress Trac] #51093: Custom CSS output runs through the wrong filter for custom user role
WordPress Trac
noreply at wordpress.org
Tue Aug 25 01:39:05 UTC 2020
#51093: Custom CSS output runs through the wrong filter for custom user role
--------------------------+---------------------
Reporter: kittmedia | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.5.1
Component: Customize | Version: 5.4.1
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+---------------------
Comment (by khag7):
I'm starting to get the impression this has something to do with two
capabilities: `edit_css` and `unfiltered_html`. Testing is needed to
determine what happens if a user has one but not the other. Also we need
to confirm behavior should be the same in boths single site and multi
site.
I think what is happening (untested) is that if a user does not have the
`unfiltered_html` capability, then the CSS output gets run through KSES.
Probably what should happen is because the user does have the `edit_css`
capability, then KSES should not run on the custom css regardless if the
user has `unfiltered_html` or not.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51093#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list