Support » Plugins and Hacks » Short code can be removed by users?

Short code can be removed by users?

  • While testing out Frontier Post, I went to the front end editor and instead of typing in a post I just hit the save button. I expected to see an error message that said fields missing or something similar but instead the front end editor came back up with the [frontier-post] displaying in the editor. I then removed the short code [frontier-post] and typed test page and hit save. After that, each time I clicked the create post button, it took me to a page that said “test page” and nothing else. I then created a new username and assigned the editor role to it. Once again I repeated the same steps and once again the create post page was replaced with a page that said test page.

    So does this mean that anyone who has the ability to make posts can break the site by simply pressing the save button before typing anything into the front end editor and then when the page comes back up, remove the [frontier-post] short code?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Does anyone have a solution to this. I would appear that the issue is a major bug if you allow users to submit posts.

    Plugin Author finnj


    I will look into this

    Plugin Author finnj



    I have done some testing but cant recreate the problem. This being said I recognize there is a problem in the code.

    I need to understand if a user profile that isn’t allowed to edit pages can do this.

    I suspect it only is editors and admins that will be able to do this, and they would be able to edit the page anyway – can you please confirm this.

    I still need to fix. It means that I need to implement validation, which is on the roadmap anyway.

    If authors or below is able to edit pages, I need to do an emergency fix- but as I see it is only profiles that could edit the page anyway that is able to do this

    Yes you are correct, on closer inspection only users who have authority to edit other users posts can remove the shortcode. Otherwise if they try to remove the code, they get a message that says they cannot edit the post.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Short code can be removed by users?’ is closed to new replies.