Reply To: Field saving does not respect unfiltered_html capability

    Hi @benabaird

    Thanks for the bug report and sorry for my delayed reply.
    This is a good idea and will be easy to implement.

    Please edit the file “includes/form.php” and find the line ~160:

    // action
    do_action('acf/save_post', $post_id);

    Then change it to this:

    // Filter $_POST data for users without the 'unfiltered_html' capability.
    // wp_kses_post_deep() applies wp_kses_post() to every string in the nested array.
    if( !current_user_can('unfiltered_html') ) {
        $_POST['acf'] = wp_kses_post_deep( $_POST['acf'] );
    }

    // action
    do_action('acf/save_post', $post_id);

    We have tested this and can confirm it works correctly for author users who don’t have the ‘unfiltered_html’ capability:
    https://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html

    Let me know your thoughts on the fix and I’ll aim to release a patch shortly.

    Thanks
    Elliot
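An added example, not part of Elliot's reply or ACF's own code: a WordPress unit test (WP_UnitTestCase from the core test suite) that exercises the gating logic of the patch above. The helper acf_demo_filter_post_data() is hypothetical and mirrors the two added lines instead of calling ACF's real save path; the payload is a constructed sample shaped like $_POST['acf'].

```php
<?php
// Added example (hypothetical helper + WP_UnitTestCase), not ACF's own code.
// acf_demo_filter_post_data() mirrors the lines added to includes/form.php.

function acf_demo_filter_post_data( array $data ) {
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        // wp_kses_post_deep() walks nested arrays, which matters because
        // $_POST['acf'] carries sub-fields (repeaters, groups) as nested arrays.
        $data = wp_kses_post_deep( $data );
    }
    return $data;
}

class ACF_Demo_Unfiltered_Html_Test extends WP_UnitTestCase {

    // Constructed sample payload shaped like $_POST['acf'].
    private $payload = array(
        'field_text'     => 'Plain <strong>bold</strong> text',
        'field_markup'   => '<p>Hi</p><script>alert(1)</script>',
        'field_repeater' => array(
            array( 'field_sub' => '<iframe src="https://example.com"></iframe>keep me' ),
        ),
    );

    public function test_author_values_are_filtered() {
        wp_set_current_user( self::factory()->user->create( array( 'role' => 'author' ) ) );
        $this->assertFalse( current_user_can( 'unfiltered_html' ) );

        $out = acf_demo_filter_post_data( $this->payload );

        // Allowed post markup survives; disallowed tags are stripped, their text kept.
        $this->assertSame( 'Plain <strong>bold</strong> text', $out['field_text'] );
        $this->assertFalse( strpos( $out['field_markup'], '<script' ) );
        $sub = $out['field_repeater'][0]['field_sub'];
        $this->assertFalse( strpos( $sub, '<iframe' ) );
        $this->assertNotFalse( strpos( $sub, 'keep me' ) );
    }

    public function test_unfiltered_users_pass_through() {
        wp_set_current_user( self::factory()->user->create( array( 'role' => 'administrator' ) ) );
        // Single-site administrators have unfiltered_html unless DISALLOW_UNFILTERED_HTML
        // is defined; on multisite only super admins do, so skip rather than fail there.
        if ( ! current_user_can( 'unfiltered_html' ) ) {
            $this->markTestSkipped( 'unfiltered_html is not granted on this install' );
        }
        $this->assertSame( $this->payload, acf_demo_filter_post_data( $this->payload ) );
    }
}
```

Run it with the WordPress PHPUnit test harness (wp-tests-config.php pointing at a test database); the second test documents the multisite and DISALLOW_UNFILTERED_HTML cases where even administrators are filtered.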