Opened 4 years ago
Last modified 4 years ago
#51287 new defect (bug)
Administrators & Editors can't create localfile links in a multisite installation
Reported by: | peikgabriel | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | major | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | multisite | Cc: |
Description
Steps to reproduce:
Clean WordPress Multisite installation.
Create a user with Administrator (or Editor) capabilities, not Super Admin.
Login as the new user.
Create a new page, and create a local file link in the visual editor.
Enter a local file URL, e.g. localfile:E:\foobar\
Publish and refresh the page.
The link has now been stripped into a \foobar\.
Note, if you try this with a Super Admin user it works as expected, and the link is correctly created.
Why does WP strip the localfile:E: part of the link if the user is not an admin?
Change History (1)
#1
@
4 years ago
- Component changed from Editor to Formatting
Version 0, edited 4 years ago
by
(next)
Note: See
TracTickets for help on using
tickets.
Hi there, welcome to WordPress Trac! Thanks for the report.
Just noting that this is likely an issue with the KSES library stripping out a part of the link due to
localfile:
not being in the list of allows protocols.