Reply To: Field saving does not respect unfiltered_html capability
Hi @benabaird
Thanks for the bug report and sorry for my delayed reply.
This is a good idea and will be easy to implement.
Please edit the file “includes/form.php” and find the line ~160:
// action
do_action('acf/save_post', $post_id);
Then change it to this:
// Filter $_POST data for users without the 'unfiltered_html' capability.
if( !current_user_can('unfiltered_html') ) {
    $_POST['acf'] = wp_kses_post_deep( $_POST['acf'] );
}

// action
do_action('acf/save_post', $post_id);
We have tested this and can confirm it works correctly for author users who don’t have the ‘unfiltered_html’ capability:
https://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html
Let me know your thoughts on the fix and I’ll aim to release a patch shortly.
Thanks
Elliot
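The same filtering as the patch above, written as a plugin hook rather than an edit to includes/form.php, so it is not lost on the next ACF update. This is an added example and not ACF's own code. It assumes ACF's own save handlers run on 'acf/save_post' at priority 10, so a priority-1 callback sees the submitted data before any value is written, and that wp_kses_post_deep() exists (WordPress 4.4+). The function names prefixed example_ are made up for this example.

```php
<?php
/**
 * Plugin Name: ACF kses filter for users without unfiltered_html (example)
 *
 * Added example, not ACF's own code. It applies the same filtering as the
 * patch in the reply above, but from a hook so includes/form.php need not
 * be edited by hand. Assumptions: ACF's own save handlers run on
 * 'acf/save_post' at priority 10 (so priority 1 runs before any field value
 * is written), and wp_kses_post_deep() is available (WordPress 4.4+). The
 * example_ function names are constructed for this example.
 */

add_action( 'acf/save_post', 'example_acf_kses_submitted_fields', 1 );

function example_acf_kses_submitted_fields( $post_id ) {
    // Same capability test WordPress core's kses_init() applies to post
    // content: users with unfiltered_html keep raw markup, everyone else
    // is reduced to the 'post' allowed-tag set.
    if ( empty( $_POST['acf'] ) || current_user_can( 'unfiltered_html' ) ) {
        return;
    }

    // ACF submits nested arrays (repeater rows, flexible content layouts),
    // so the whole tree is walked, not just top-level strings.
    $_POST['acf'] = example_kses_deep_slashed( $_POST['acf'] );
}

/**
 * Run wp_kses_post() over every string in a (nested) array.
 *
 * WordPress adds slashes to $_POST, so the data is unslashed before kses
 * sees it and re-slashed afterwards, mirroring what wp_filter_post_kses()
 * does for post content. Filtering the slashed form directly would let a
 * backslash-escaped quote inside an attribute reach the tag parser in a
 * shape that differs from what is finally stored.
 */
function example_kses_deep_slashed( $data ) {
    return wp_slash( wp_kses_post_deep( wp_unslash( $data ) ) );
}
```

Drop the file into wp-content/mu-plugins/ to have it load unconditionally. With it active, an author submitting `<script>` or an `onclick` attribute in a WYSIWYG or textarea field gets those removed, while tags in wp_kses_allowed_html('post') such as `<strong>` and `<a href>` survive. Two capability caveats worth knowing when testing: on multisite only super admins hold unfiltered_html, and if DISALLOW_UNFILTERED_HTML is defined as true nobody does, so the filter then applies to administrators as well.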