acf-extended / ACF-Extended

🚀 All-in-one enhancement suite that improves WordPress & Advanced Custom Fields
https://www.acf-extended.com

Code editor filter some html tags on HTML type code for other than super admin #118

Closed thorin31 closed 10 months ago

thorin31 commented 1 year ago

Description of the bug
When you write html code in a code editor field with HTML as the type, it saves correctly if you're super admin, but if you have another role, the code is filtered and certain tags disappear.

To Reproduce
Add a code editor field, set it as HTML. Log in to WordPress as super admin, write some HTML code with input form tags for example, and submit it. The code stays the same. Now, you log in with a role such as editor for example, you write the same code and you submit. After submitting, the code is filtered.

Expected behavior
The code must be the same after submit.

WordPress & ACF
WordPress version: 6.2.2
ACF Pro version: 6.1.7
ACF extended: 0.8.9.3

acf-extended commented 10 months ago

Hello,

Thanks for the feedback!

This is due to ACF's internal security logic, which applies wp_kses_post_deep() (see documentation) to all fields saved by users who aren't super admin.

This logic is controlled by acf_allow_unfiltered_html(), which can be altered using the acf/allow_unfiltered_html filter.

I hope it answers your question.

Regards.
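
One way to use the acf/allow_unfiltered_html filter named in the reply above without turning off filtering for every role, shown as an added example that is not code from ACF, ACF Extended or the maintainer. The capability `edit_raw_html_fields`, the role `html_editor` and the `mysite_` function names are hypothetical, and the snippet assumes it lives in the main file of a small site plugin.

```php
<?php
/**
 * Plugin Name: Scoped ACF unfiltered HTML (illustrative example)
 */

// Hypothetical custom capability; not defined by WordPress or ACF.
const MYSITE_RAW_HTML_CAP = 'edit_raw_html_fields';

/**
 * Create a dedicated role that copies the editor's capabilities and adds
 * the custom one, so raw HTML is granted per user instead of to all editors.
 * add_role() leaves an already existing role untouched.
 */
function mysite_register_raw_html_role() {
    $editor = get_role( 'editor' );
    $caps   = $editor ? $editor->capabilities : array();
    $caps[ MYSITE_RAW_HTML_CAP ] = true;
    add_role( 'html_editor', 'HTML Editor', $caps );
}
register_activation_hook( __FILE__, 'mysite_register_raw_html_role' );

/**
 * ACF passes its own decision as a boolean. Keep a positive decision,
 * and otherwise allow unfiltered saves only for holders of the custom
 * capability. Everyone else still goes through wp_kses_post_deep().
 */
function mysite_acf_allow_unfiltered_html( $allow ) {
    if ( $allow ) {
        return true;
    }
    return current_user_can( MYSITE_RAW_HTML_CAP );
}
add_filter( 'acf/allow_unfiltered_html', 'mysite_acf_allow_unfiltered_html' );
```

The filter covers every ACF field these users save, not only the code editor field, so templates that print other fields should keep escaping them on output (for example with esc_html() or wp_kses_post()).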