Context Navigation

← Previous Change
Next Change →

media.php

Timestamp:

05/16/2023 03:50:47 PM (22 months ago)

Author:

SergeyBiryukov

Message:

Grouped backports to the 4.8 branch.

Media: Prevent CSRF setting attachment thumbnails.
Embeds: Add protocol validation for WordPress Embed code.

Merges [55763] and [55764] to the 4.8 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.

File:

: 1 edited

branches/4.8/src/wp-includes/media.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

branches/4.8/src/wp-includes/media.php

-                      r41054
+                      r55786
         'captions'  => ! apply_filters( 'disable_captions', '' ),
         'nonce'     => array(
+            'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
+            'wpRestApi'    => wp_create_nonce( 'wp_rest' ),
+            'sendToEditor'           => wp_create_nonce( 'media-send-to-editor' ),
+            'wpRestApi'              => wp_create_nonce( 'wp_rest' ),
+            'setAttachmentThumbnail' => wp_create_nonce( 'set-attachment-thumbnail' ),
         ),
         'post'    => array(

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 55786 for branches/4.8/src/wp-includes/media.php

Legend:

branches/4.8/src/wp-includes/media.php

Download in other formats: