DISALLOW_UNFILTERED_HTML improperly controls file edit/modifications
|Reported by:||nacin||Owned by:||nacin|
Apparently DISALLOW_UNFILTERED_HTML is not often used, as doing so also accidentally sets various other capabilities to do_not_allow: edit_, install_, update_, and delete_ plugins and themes, and update_core.
On one hand, it could be inferred that disallowing HTML also means you want to disallow access to install or modify code. I would agree. However, update_core should be excluded from this inference.
Attached is a unit test (the constant does not break any other tests, so it appears) and a patch. If we decide that only update_core should be excluded, the patch will be a bit simpler.