Make WordPress Core

Changeset 25317 for trunk/src


Ignore:
Timestamp:
09/10/2013 06:03:26 PM (11 years ago)
Author:
nacin
Message:

Tighten allowed upload file types.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r25313 r25317  
    20242024 * @uses wp_get_upload_mime_types() to fetch the list of mime types
    20252025 *
     2026 * @param int|WP_User $user Optional. User to check. Defaults to current user.
    20262027 * @return array Array of mime types keyed by the file extension regex corresponding to those types.
    20272028 */
    2028 function get_allowed_mime_types() {
    2029     return apply_filters( 'upload_mimes', wp_get_mime_types() );
     2029function get_allowed_mime_types( $user = null ) {
     2030    $t = wp_get_mime_types();
     2031
     2032    unset( $t['swf'], $t['exe'] );
     2033    $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
     2034    if ( ! $unfiltered )
     2035        unset( $t['htm|html'] );
     2036
     2037    return apply_filters( 'upload_mimes', $t, $user );
    20302038}
    20312039
Note: See TracChangeset for help on using the changeset viewer.