[wp-trac] [WordPress Trac] #15002: unfiltered_html capability is not observed when set explicitly for role

WordPress Trac wp-trac at lists.automattic.com
Thu Sep 30 21:37:36 UTC 2010


#15002: unfiltered_html capability is not observed when set explicitly for role
-----------------------------+----------------------------------------------
 Reporter:  phlux0r          |       Owner:                                  
     Type:  defect (bug)     |      Status:  new                             
 Priority:  normal           |   Milestone:  Awaiting Review                 
Component:  Role/Capability  |     Version:  3.0.1                           
 Severity:  normal           |    Keywords:  capability,roles,unfiltered_html
-----------------------------+----------------------------------------------

Comment(by nacin):

 You're missing an important section of the code that follows. There is no
 break; there. The comment specifically says it falls through:
 {{{
         case 'unfiltered_html':
                 // Disallow unfiltered_html for all users, even admins and super admins.
                 if ( defined('DISALLOW_UNFILTERED_HTML') && DISALLOW_UNFILTERED_HTML ) {
                         $caps[] = 'do_not_allow';
                         break;
                 }
                 // Fall through if not DISALLOW_UNFILTERED_HTML
         case 'delete_user':
         case 'delete_users':
                 // If multisite these caps are allowed only for super admins.
                 if ( is_multisite() && !is_super_admin() )
                         $caps[] = 'do_not_allow';
                 else
                         $caps[] = $cap;
                 break;
 }}}

 That might as well read this:
 {{{
         case 'unfiltered_html':
                 // Disallow unfiltered_html for all users, even admins and super admins.
                 if ( defined('DISALLOW_UNFILTERED_HTML') && DISALLOW_UNFILTERED_HTML ) {
                         $caps[] = 'do_not_allow';
                         break;
                 }
                 // If multisite these caps are allowed only for super admins.
                 if ( is_multisite() && !is_super_admin() )
                         $caps[] = 'do_not_allow';
                 else
                         $caps[] = $cap;
                 break;
 }}}

 I'm thinking you have something else going on which is why this isn't
 working for you.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15002#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
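
The fall-through quoted in the comment above, as an added stand-alone model (not WordPress code and not part of the original message). The function name `model_map_cap` and its parameters `$disallow`, `$multisite` and `$super_admin` are hypothetical stand-ins for `DISALLOW_UNFILTERED_HTML`, `is_multisite()` and `is_super_admin()`; it prints which primitive capability each combination resolves to.

```php
<?php
// Added illustration: models only the switch branch quoted in the ticket comment.
// The three boolean parameters are hypothetical stand-ins for
// DISALLOW_UNFILTERED_HTML, is_multisite() and is_super_admin().
function model_map_cap( $cap, $disallow, $multisite, $super_admin ) {
    $caps = array();
    switch ( $cap ) {
        case 'unfiltered_html':
            // Hard deny for everyone when the constant is set.
            if ( $disallow ) {
                $caps[] = 'do_not_allow';
                break;
            }
            // No break here: execution continues into the shared branch below.
        case 'delete_user':
        case 'delete_users':
            // On multisite only super admins keep the capability.
            if ( $multisite && ! $super_admin )
                $caps[] = 'do_not_allow';
            else
                $caps[] = $cap;
            break;
    }
    return $caps;
}

// Constructed truth table over all eight combinations.
printf( "%-9s %-10s %-12s %s\n", 'disallow', 'multisite', 'super_admin', 'resolved' );
foreach ( array( false, true ) as $disallow ) {
    foreach ( array( false, true ) as $multisite ) {
        foreach ( array( false, true ) as $super_admin ) {
            $caps = model_map_cap( 'unfiltered_html', $disallow, $multisite, $super_admin );
            printf(
                "%-9s %-10s %-12s %s\n",
                $disallow ? 'yes' : 'no',
                $multisite ? 'yes' : 'no',
                $super_admin ? 'yes' : 'no',
                implode( ',', $caps )
            );
        }
    }
}
```

In this model `unfiltered_html` resolves to itself only when the constant is unset and the site is either single-site or the user is a super admin; every other row resolves to `do_not_allow`.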

