Make WordPress Core

Changeset 42275


Ignore:
Timestamp:
11/29/2017 04:19:42 PM (6 years ago)
Author:
johnbillion
Message:

Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Merges [42261] to the 4.7 branch.

Location:
branches/4.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/src/wp-includes/functions.php

    r40403 r42275  
    25532553        $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
    25542554
    2555     if ( empty( $unfiltered ) )
    2556         unset( $t['htm|html'] );
     2555    if ( empty( $unfiltered ) ) {
     2556        unset( $t['htm|html'], $t['js'] );
     2557    }
    25572558
    25582559    /**
Note: See TracChangeset for help on using the changeset viewer.