Make WordPress Core

Changeset 25322


Ignore:
Timestamp:
09/10/2013 06:41:43 PM (11 years ago)
Author:
nacin
Message:

Tighten allowed upload file types. Merges [25317] to 3.6.

Location:
branches/3.6
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.6

  • branches/3.6/wp-includes/functions.php

    r24918 r25322  
    20072007 * @uses wp_get_upload_mime_types() to fetch the list of mime types
    20082008 *
     2009 * @param int|WP_User $user Optional. User to check. Defaults to current user.
    20092010 * @return array Array of mime types keyed by the file extension regex corresponding to those types.
    20102011 */
    2011 function get_allowed_mime_types() {
    2012     return apply_filters( 'upload_mimes', wp_get_mime_types() );
     2012function get_allowed_mime_types( $user = null ) {
     2013    $t = wp_get_mime_types();
     2014
     2015    unset( $t['swf'], $t['exe'] );
     2016    $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
     2017    if ( ! $unfiltered )
     2018        unset( $t['htm|html'] );
     2019
     2020    return apply_filters( 'upload_mimes', $t, $user );
    20132021}
    20142022
Note: See TracChangeset for help on using the changeset viewer.