WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13894 closed defect (bug) (worksforme)

Cannot save draft or preview as Administrator when Super Administrator is Available.

Reported by: trimidium Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: General Keywords: reporter-feedback
Focuses: Cc:

Description

Today somebody told me they couldn't see an embeded video when they they previewed a post. So I logged in and tried to duplicate problem but had no issue.

However after further testing it was determined only his user account could not see anything in preview. I went in with his user (Administrator) and tried to save a draft after pasting some code in. It saved a blank draft. When logged in as me (super administrator) save draft and preview worked fine. When I made him a super admin he could save and preview.

I duplicated this on both wordpress 3 (rc1) and (3.0-RC3-15241).

Change History (5)

comment:1 nacin4 years ago

  • Keywords reporter-feedback added; save draft preview blank removed
  • Priority changed from high to normal
  • Severity changed from major to normal

I had no problems previewing a post as a non-super administrator or even a contributor in multisite/network.

I would start with disabling all plugins.

comment:2 follow-up: ocean904 years ago

Only videos or text too? Perhaps a problem with unfiltered_html.

comment:3 in reply to: ↑ 2 trimidium4 years ago

Replying to ocean90:

Only videos or text too? Perhaps a problem with unfiltered_html.

With ALL plugins deactivated it still happens. However I have further detail. It doesn't remove text and most code. Just objects. Here is the default youtube embed code:

<object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/mzKmGTVmqJs&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/mzKmGTVmqJs&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>

make new draft as administrator (not super admin) and paste that in html and click save draft. It will remove the code when it refreshes the page. If you type words above them they will stay, just the object is removed.

comment:4 follow-up: nacin4 years ago

  • Milestone 3.0 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

That's unfiltered_html.

In MU/MS/network, only super admins have unfiltered HTML abilities. That would include embedding, script elements, etc.

Use oEmbed instead to embed a YouTube video: http://codex.wordpress.org/Embeds

comment:5 in reply to: ↑ 4 trimidium4 years ago

Replying to nacin:

That's unfiltered_html.

In MU/MS/network, only super admins have unfiltered HTML abilities. That would include embedding, script elements, etc.

Can you please make a warning message saying "removed unfiltered_html" and has a link to the article you just linked me to? There is nothing on the post screen that is intuitive so that I would know this without some sort of error, and having things auto-removed is very confusing.

Note: See TracTickets for help on using tickets.