Make WordPress Core


Ignore:
Timestamp:
05/16/2023 02:26:01 PM (16 months ago)
Author:
audrasjb
Message:

Media: Prevent CSRF setting attachment thumbnails.

Props martinkrcho, paulkevan, peterwilsoncc, xknown, peterwilsoncc.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/media.php

    r55757 r55764  
    45294529        'captions'          => ! apply_filters( 'disable_captions', '' ),
    45304530        'nonce'             => array(
    4531             'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
     4531            'sendToEditor'           => wp_create_nonce( 'media-send-to-editor' ),
     4532            'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ),
    45324533        ),
    45334534        'post'              => array(
Note: See TracChangeset for help on using the changeset viewer.