[wp-trac] [WordPress Trac] #57979: Can't upload images to WordPress Comments
WordPress Trac
noreply at wordpress.org
Mon Oct 9 11:06:17 UTC 2023
#57979: Can't upload images to WordPress Comments
-------------------------------------------------+-------------------------
 Reporter:  sbb                                  |      Owner:  (none)
     Type:  defect (bug)                         |     Status:  new
 Priority:  normal                               |  Milestone:  6.4
Component:  Comments                             |    Version:  6.0.3
 Severity:  normal                               | Resolution:
 Keywords:  has-patch 2nd-opinion dev-feedback   |    Focuses:  administration
  needs-testing changes-requested                |
-------------------------------------------------+-------------------------
Changes (by SergeyBiryukov):
* keywords: has-patch 2nd-opinion dev-feedback needs-testing => has-patch
2nd-opinion dev-feedback needs-testing changes-requested
Comment:
Thanks for the patch!
Checking for `current_user_can( 'administrator' )` does not seem ideal
here, as this does not account for custom roles, see a note in
[https://developer.wordpress.org/reference/functions/current_user_can/ current_user_can()]
documentation:
> While checking against particular roles in place of a capability is
> supported in part, this practice is discouraged as it may produce
> unreliable results.
I think `current_user_can( 'unfiltered_html' )` should be used instead:
{{{
if ( ! current_user_can( 'unfiltered_html' ) && ! has_filter( 'pre_comment_content', 'wp_filter_kses' ) ) {
	$filter_comment = ! user_can( isset( $comment['user_id'] ) ? $comment['user_id'] : 0, 'unfiltered_html' );
}
}}}
If I understand the issue correctly, the comment author's capabilities
should only be checked if the current user does not have
`unfiltered_html`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57979#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
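
The difference between the role-name check and the capability check discussed in the comment above, as an added example that is not part of the ticket, the patch, or WordPress core. It is a standalone PHP model: the simplified role-to-capability map, the hypothetical `content_lead` custom role, the helper names, and the `false` default for `$filter_comment` are assumptions.

```php
<?php
// Standalone model, not WordPress core code. The simplified role => capability
// map, the custom role name and the helper names are assumptions.
const ROLE_CAPS = array(
	'administrator' => array( 'unfiltered_html', 'moderate_comments' ),
	'content_lead'  => array( 'unfiltered_html', 'moderate_comments' ), // hypothetical custom role
	'author'        => array(),
);

// Capability check: true when the role grants the capability.
function role_has_cap( string $role, string $cap ): bool {
	return in_array( $cap, ROLE_CAPS[ $role ] ?? array(), true );
}

// The condition suggested in the comment: consult the comment author's
// capability only when the editing user lacks unfiltered_html and
// wp_filter_kses is not already hooked to pre_comment_content.
function should_filter_comment( string $editor_role, string $author_role, bool $kses_hooked ): bool {
	$filter_comment = false; // assumed default before the check
	if ( ! role_has_cap( $editor_role, 'unfiltered_html' ) && ! $kses_hooked ) {
		$filter_comment = ! role_has_cap( $author_role, 'unfiltered_html' );
	}
	return $filter_comment;
}

// Constructed cases: editing user's role, comment author's role, KSES already hooked.
$cases = array(
	array( 'administrator', 'author', false ),
	array( 'content_lead', 'author', false ), // custom role: a role-name check misses it
	array( 'author', 'author', false ),
	array( 'author', 'author', true ),
);

foreach ( $cases as list( $editor, $author, $hooked ) ) {
	printf(
		"%-13s edits %-6s comment | is administrator: %-5s | has unfiltered_html: %-5s | filter_comment: %s\n",
		$editor,
		$author,
		var_export( 'administrator' === $editor, true ),
		var_export( role_has_cap( $editor, 'unfiltered_html' ), true ),
		var_export( should_filter_comment( $editor, $author, $hooked ), true )
	);
}
```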