Make WordPress Core


Timestamp:
05/16/2023 03:50:47 PM (13 months ago)
Author:
SergeyBiryukov
Message:

Grouped backports to the 4.8 branch.

  • Media: Prevent CSRF setting attachment thumbnails.
  • Embeds: Add protocol validation for WordPress Embed code.

Merges [55763] and [55764] to the 4.8 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.

File:
1 edited

  • branches/4.8/src/wp-includes/media.php

    r41054 r55786  
    34363436        'captions'  => ! apply_filters( 'disable_captions', '' ),
    34373437        'nonce'     => array(
    3438             'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
    3439             'wpRestApi'    => wp_create_nonce( 'wp_rest' ),
     3438            'sendToEditor'           => wp_create_nonce( 'media-send-to-editor' ),
     3439            'wpRestApi'              => wp_create_nonce( 'wp_rest' ),
     3440            'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ),
    34403441        ),
    34413442        'post'    => array(
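Review bot: The new 'setAttachmentThumbnail' entry at line 3440 only creates the nonce and exposes it to the client. Nothing in this hunk verifies it, so the CSRF protection named in the commit message depends on code that is not visible here. Please confirm that the request handler for setting an attachment thumbnail rejects requests lacking a valid nonce, and that it checks the exact action string 'set-attachment-thumbnail'. A mismatch between the string passed to wp_create_nonce() and the one verified would fail every legitimate request, while a missing check would leave the action unprotected. Also confirm that the media JavaScript reads this key and sends the nonce. The Embeds protocol validation listed in the commit message does not appear in this hunk, so it cannot be reviewed from what is shown.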