? 925832_default_filter_no_role.patch
Index: security_review.checks.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/security_review/security_review.checks.inc,v
retrieving revision 1.1.2.7
diff -u -p -r1.1.2.7 security_review.checks.inc
--- security_review.checks.inc	13 Sep 2010 03:06:52 -0000	1.1.2.7
+++ security_review.checks.inc	2 Oct 2010 23:24:58 -0000
@@ -76,9 +76,17 @@ function security_review_check_input_for
   $check_return_value = array();
   // Check formats that are accessible by untrusted users.
   $untrusted_roles = security_review_untrusted_roles();
+  // The default format is usable by all users even if no roles are listed on it.
+  $default_format = variable_get('filter_default_format', FILTER_FORMAT_DEFAULT);
   foreach ($formats as $id => $format) {
     $format_roles = array_filter(explode(',', $format->roles));
-    $intersect = array_intersect($format_roles, $untrusted_roles);
+    if ($format->format == $default_format) {
+      // The default format is available to all roles.
+      $intersect = drupal_map_assoc(array_keys(user_roles()));
+    }
+    else {
+      $intersect = array_intersect($format_roles, $untrusted_roles);
+    }
     if (!empty($intersect)) {
       // Untrusted users can use this format.
       $filters = filter_list_format($format->format);