Make WordPress Core

Opened 5 years ago

Last modified 3 years ago

#23391 new enhancement

User in contributor role can add images to post only via the text editor

Reported by: mark-k Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: needs-patch
Focuses: ui, administration Cc:


  1. Create a user with contributor role
  2. start new post with it
  3. notice there is no "add media" button anywhere
  4. switch to text editing
  5. use the img button to insert a URL to a valid img on the web
  6. request approval for the post
  7. let admin/editor approve it
  8. go the the post's URL and notice that the image is shown

So, it is not that contributors are not allowed to use images, it is just that WP makes it hard to do so.

Either HTML needs to be sanitized and have all img tags removes for contributors, or access to the media library should be allowed for contributors denying only access to uploading. I vote for the second option.

Change History (3)

#1 follow-up: @ocean90
5 years ago

The "Add media" isn't displayed because the user hasn't the upload_files cap.

Related: #19834

#2 in reply to: ↑ 1 @mark-k
5 years ago

Replying to ocean90:

The "Add media" isn't displayed because the user hasn't the upload_files cap.

I get the code, I just think it is applied in the wrong place. You should not show the upload tab, and maybe not the media tab, but the "from url" and "gallery" tabs don't do anything that a contributor can't do via the text editor.

#3 @chriscct7
3 years ago

  • Focuses ui administration added
  • Keywords needs-patch added

Without the upload_files cap you can still see media files previously uploaded so showing that shouldn't be an issue either

Note: See TracTickets for help on using tickets.