Error when saving a Notification [RESOLVED]

Hi!

When updating a notification that has a bunch of HTML layout in the message body, the CMS returns an inline error if a non administrator tries to update a change, even a minimal change as adding a dot. The text contains merge tags.

Administrators are allowed to change the message without any error.

Also, an error states:

The text you have entered is not valid. For security reasons, some characters are not allowed. Fix It

But clicking the “Fix it” link does not provide any answers.

How can we allow non-administrators to edit the message?

If the user role does not have the unfiltered_html capability, the message is validated by using the WordPress wp_kses function to sanitize it, which should remove any content that would not normally be allowed in a post, and then comparing the sanitized value with the original. The fix it link should update the setting with the sanitized message.

The only way to prevent the validation occurring would be to enable the unfiltered_html capability for the user role.

Hey Richard,

Thanks for the lead!

When looking into the settings of the capabilities though ( using the User role editor pro plugin), I see that the “unfiltered_html” capability is a deprecated capability. Also, I see it is enabled.

The unfiltered_html isn’t deprecated. If you can’t configure it, it might be disallowed by the DISALLOW_UNFILTERED_HTML constant, or I think WordPress automatically disallows it on multisite installations when the user is not a super admin.

Hey Richard,

Aaaah, check. The website is indeed a multisite in which the “unfiltered_html” settings is disabled by default in the User Role plugin:

1 Like