Make WordPress Core

Changeset 42261 for trunk


Ignore:
Timestamp:
11/29/2017 03:59:41 PM (7 years ago)
Author:
johnbillion
Message:

Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r42228 r42261  
    25662566        $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
    25672567
    2568     if ( empty( $unfiltered ) )
    2569         unset( $t['htm|html'] );
     2568    if ( empty( $unfiltered ) ) {
     2569        unset( $t['htm|html'], $t['js'] );
     2570    }
    25702571
    25712572    /**
Note: See TracChangeset for help on using the changeset viewer.