Scheduled posts trigger the non-unfiltered_html filters (regression)
|Reported by:||Otto42||Owned by:||nacin|
|Cc:||esmi@…, info@…, japh@…, jartes|
- Create a post
- Put some iframe or embed or whatever code in it, like a youtube iframe:
<iframe width="420" height="315" src="http://www.youtube.com/embed/oHg5SJYRHA0?rel=0" frameborder="0" allowfullscreen></iframe>
- Schedule the post for the future. One minute in the future will do.
When the post publishes, the iframe will be gone.
Something about the future-post triggers the kses filters. Since the user making the post (wp-cron) is unauthenticated, the unfiltered_html cap is not applied, and the filters engage, cleaning the post before it publishes.
Problem found in 3.5. Have not checked 3.4.2 yet to see if this is a regression.
Change History (24)
- Priority changed from normal to high
- Severity changed from normal to major
- Summary changed from Scheduled posts trigger the non-unfiltered_html filters to Scheduled posts trigger the non-unfiltered_html filters (regression)
comment:16 nacin — 11 months ago
- Owner set to nacin
- Resolution set to fixed
- Status changed from new to closed