Make WordPress Core

Changeset 42303 for branches/4.0


Ignore:
Timestamp:
11/29/2017 04:38:34 PM (7 years ago)
Author:
johnbillion
Message:

Hardening: Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Merges [42261] to the 4.0 branch.

Location:
branches/4.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0

  • branches/4.0/src/wp-includes/functions.php

    r39858 r42303  
    23322332        $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
    23332333
    2334     if ( empty( $unfiltered ) )
    2335         unset( $t['htm|html'] );
     2334    if ( empty( $unfiltered ) ) {
     2335        unset( $t['htm|html'], $t['js'] );
     2336    }
    23362337
    23372338    /**
Note: See TracChangeset for help on using the changeset viewer.