Reply To: Field saving does not respect unfiltered_html capability
Hi @benabaird
Thanks for the bug report and sorry for my delayed reply.
This is a good idea and will be easy to implement.
Please edit the file “includes/form.php” and find the line ~160:
// action
do_action('acf/save_post', $post_id);
Then change it to this:
// Filter $_POST data for users without the 'unfiltered_html' capability.
if( !current_user_can('unfiltered_html') ) {
    $_POST['acf'] = wp_kses_post_deep( $_POST['acf'] );
}

// action
do_action('acf/save_post', $post_id);
We have tested this and can confirm it works correctly for author users who don’t have the ‘unfiltered_html’ capability:
https://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html
Let me know your thoughts on the fix and I’ll aim to release a patch shortly.
Thanks
Elliot
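The same capability check can be applied from a small plugin instead of editing includes/form.php, so it survives ACF updates. This is an added example, not ACF's code or Elliot's patch. It assumes that ACF's own save routine runs on the acf/save_post action at the default priority 10 (so a callback at priority 1 sees $_POST['acf'] first), and the helper names prefixed acf_example_ are hypothetical. It also accounts for two details the patch above does not: WordPress adds slashes to $_POST (wp_magic_quotes), so the slash-aware wp_filter_post_kses() is used rather than wp_kses_post(), and map_deep()/wp_kses_post_deep() only exist in WordPress 4.4+, so the recursion is done by hand.

```php
<?php
/**
 * Plugin Name: ACF kses for users without unfiltered_html (example)
 * Description: Strips disallowed HTML from submitted ACF values before ACF saves them.
 *
 * Added example; not part of ACF. Helper names (acf_example_*) are hypothetical.
 */

/**
 * Recursively apply $callback to every string inside a nested array.
 * Same idea as WordPress' map_deep(), which is only available in WP >= 4.4.
 * Non-string scalars (ints, bools, null) are returned unchanged.
 */
function acf_example_map_deep( $value, $callback ) {
    if ( is_array( $value ) ) {
        foreach ( $value as $key => $item ) {
            $value[ $key ] = acf_example_map_deep( $item, $callback );
        }
        return $value;
    }
    if ( is_string( $value ) ) {
        return call_user_func( $callback, $value );
    }
    return $value;
}

/**
 * Sanitize every submitted ACF value when the current user lacks the
 * unfiltered_html capability.
 *
 * Hooked at priority 1 on acf/save_post. Assumption: ACF's own save handler
 * runs at the default priority 10, so by the time it reads $_POST['acf'] the
 * markup has already been filtered.
 */
function acf_example_filter_submitted_html( $post_id ) {
    // Users with unfiltered_html (e.g. administrators on single-site installs)
    // may save arbitrary markup, exactly like the core post editor allows.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return;
    }

    // Nothing to do if this request carries no ACF field data.
    if ( empty( $_POST['acf'] ) || ! is_array( $_POST['acf'] ) ) {
        return;
    }

    // $_POST is slashed by wp_magic_quotes(). wp_filter_post_kses() strips the
    // slashes, runs wp_kses() with the 'post' allowed-tags list and re-adds the
    // slashes, so quoted attribute values (href="...") survive the round trip.
    // This is the same callback core uses on the content_save_pre filter.
    $_POST['acf'] = acf_example_map_deep( $_POST['acf'], 'wp_filter_post_kses' );
}
add_action( 'acf/save_post', 'acf_example_filter_submitted_html', 1 );
```

To check it, log in as an Author, submit a text or WYSIWYG field containing something like `<b>ok</b><script>alert(1)</script>` and confirm that the saved value keeps the `<b>` element but has the `<script>` element removed; repeat as an Administrator and confirm the value is stored unchanged.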