Skip to content

Commit 67d03a9

Browse files
committed
Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Built from https://develop.svn.wordpress.org/trunk@42261 git-svn-id: http://core.svn.wordpress.org/trunk@42090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent f1de7e4 commit 67d03a9

File tree

2 files changed

+4
-3
lines changed

2 files changed

+4
-3
lines changed

Diff for: wp-includes/functions.php

+3-2
Original file line numberDiff line numberDiff line change
@@ -2565,8 +2565,9 @@ function get_allowed_mime_types( $user = null ) {
25652565
if ( function_exists( 'current_user_can' ) )
25662566
$unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
25672567

2568-
if ( empty( $unfiltered ) )
2569-
unset( $t['htm|html'] );
2568+
if ( empty( $unfiltered ) ) {
2569+
unset( $t['htm|html'], $t['js'] );
2570+
}
25702571

25712572
/**
25722573
* Filters list of allowed mime types and file extensions.

Diff for: wp-includes/version.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
*
55
* @global string $wp_version
66
*/
7-
$wp_version = '5.0-alpha-42260';
7+
$wp_version = '5.0-alpha-42261';
88

99
/**
1010
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

0 commit comments

Comments
 (0)