Command Palette lets unauthorized users switch to Code Editor #57604
Comments
MadtownLems
added
the
[Type] Bug
|
Thanks for the report. I was also able to reproduce this problem. Also, while looking for a solution, I discovered an issue with inconsistent command actions, and issues with the Site Editor. In the Post Editor, there is only one action: "Toggle code editor".
In the Site Editor, on the other hand, the commands change depending on the editor context.
Furthermore, in the Site Editor, the hook that disables the editor type does not seem to be applied. function disable_code_editor( $settings, $context ) {
$settings['codeEditingEnabled'] = false;
return $settings;
}
add_filter( 'block_editor_settings_all', 'disable_code_editor' , 10, 2 );
Therefore, in order to comprehensively resolve this issue, I think we will probably need to follow the steps below.
|
t-hamano
added
[Package] Edit Post
|
Update:
This issue was resolved by #58148. It seems that it has been unified to |
|
Update: In #59299, switching modes via the command palette is now disabled when only one editor mode is available. |
|
Hey! Is this issue is valid?
Seems unrelated to this package maybe and should be a separate issue. |
Description
When access to the Code Editor is disabled (via $settings['codeEditingEnabled'] = false; ), it can still be accessed using the Command Palette.
Step-by-step reproduction instructions
add_filter( 'block_editor_settings_all', 'disable_code_editor' ), 10, 2 );
function disable_code_editor( $settings, $context ) {
$settings['codeEditingEnabled'] = false;
return $settings;
}
Screenshots, screen recording, code snippet
Environment info
WP 6.4.2, no Gutenberg plugin
Please confirm that you have searched existing issues in the repo.
Yes
Please confirm that you have tested with all plugins deactivated except Gutenberg.
Yes
The text was updated successfully, but these errors were encountered: