id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
20488,DISALLOW_UNFILTERED_HTML improperly controls file edit/modifications,nacin,nacin,"Apparently DISALLOW_UNFILTERED_HTML is not often used, as doing so also accidentally sets various other capabilities to do_not_allow: edit_, install_, update_, and delete_ plugins and themes, and update_core.

On one hand, it could be inferred that disallowing HTML also means you want to disallow access to install or modify code. I would agree. However, update_core should be excluded from this inference.

Attached is a unit test (the constant does not break any other tests, so it appears) and a patch. If we decide that only update_core should be excluded, the patch will be a bit simpler.",defect (bug),closed,normal,3.4,Role/Capability,,normal,fixed,has-patch 2nd-opinion,