WordPress.org

Make WordPress Core

Changeset 20187


Ignore:
Timestamp:
03/15/2012 12:50:18 PM (7 years ago)
Author:
nacin
Message:

Ensure no nonce or multipart_params get passed to the plupload_default_settings filter. see #19910.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/media.php

    r20179 r20187  
    14531453    $max_upload_size = wp_max_upload_size();
    14541454
    1455     $params = array(
    1456         'action' => 'upload-attachment',
    1457     );
    1458     $params = apply_filters( 'plupload_default_params', $params );
    1459 
    1460     $params['_wpnonce'] = wp_create_nonce( 'media-form' );
    1461 
    14621455    $settings = array(
    14631456        'runtimes'            => 'html5,silverlight,flash,html4',
     
    14711464        'multipart'           => true,
    14721465        'urlstream_upload'    => true,
    1473         'multipart_params'    => $params,
    14741466    );
    14751467
    14761468    $settings = apply_filters( 'plupload_default_settings', $settings );
     1469
     1470    $params = array(
     1471        'action' => 'upload-attachment',
     1472    );
     1473
     1474    $params = apply_filters( 'plupload_default_params', $params );
     1475    $params['_wpnonce'] = wp_create_nonce( 'media-form' );
     1476    $settings['multipart_params'] = $params;
    14771477
    14781478    $script = 'var wpPluploadDefaults = ' . json_encode( $settings ) . ';';
Note: See TracChangeset for help on using the changeset viewer.