From 31482a7968e9d8274a76866326ac5f94cb188e69 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Tue, 10 Sep 2013 18:03:26 +0000
Subject: [PATCH] Tighten allowed upload file types.

git-svn-id: https://develop.svn.wordpress.org/trunk@25317 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/functions.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 966cf811d7..c6ce697fb1 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -2023,10 +2023,18 @@ function wp_get_mime_types() {
 * @uses apply_filters() Calls 'upload_mimes' on returned array
 * @uses wp_get_upload_mime_types() to fetch the list of mime types
 *
+ * @param int|WP_User $user Optional. User to check. Defaults to current user.
 * @return array Array of mime types keyed by the file extension regex corresponding to those types.
 */
-function get_allowed_mime_types() {
- return apply_filters( 'upload_mimes', wp_get_mime_types() );
+function get_allowed_mime_types( $user = null ) {
+ $t = wp_get_mime_types();
+
+ unset( $t['swf'], $t['exe'] );
+ $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
+ if ( ! $unfiltered )
+ unset( $t['htm|html'] );
+
+ return apply_filters( 'upload_mimes', $t, $user );
 }

 /**
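Review bot: The ternary on the `$unfiltered` line tests `$user` for truthiness, so a caller that passes `0` (or another falsy value) for a logged-out or missing user is checked against the current user's `unfiltered_html` capability instead, which fails open for `htm|html`. Comparing against the declared default limits the fallback to the no-argument case: `$unfiltered = ( null === $user ) ? current_user_can( 'unfiltered_html' ) : user_can( $user, 'unfiltered_html' );`. The `unset()` calls also depend on the exact keys returned by `wp_get_mime_types()`, which is not visible in this hunk. Unsetting a key that does not exist is silent, so a regression test asserting that `swf`, `exe` and `htm|html` are absent from the result would catch a later key rename. The docblock starts above the hunk; it should state that these types are removed before the `upload_mimes` filter runs, so a filter callback can still add them back.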