sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure no nonce or multipart_params get passed to the plupload_default_settings filter. see #19910.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@20187 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2012-03-15 12:50:18 +00:00
parent 617e47e9c5
commit e8f20b741c
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
wp-includes/media.php
View File

@ -1452,13 +1452,6 @@ function wp_plupload_default_settings() {
$max_upload_size = wp_max_upload_size();
$params = array(
'action' => 'upload-attachment',
);
$params = apply_filters( 'plupload_default_params', $params );
$params['_wpnonce'] = wp_create_nonce( 'media-form' );
$settings = array(
'runtimes' => 'html5,silverlight,flash,html4',
'file_data_name' => 'async-upload', // key passed to $_FILE.
@ -1470,11 +1463,18 @@ function wp_plupload_default_settings() {
'filters' => array( array( 'title' => __( 'Allowed Files' ), 'extensions' => '*') ),
'multipart' => true,
'urlstream_upload' => true,
'multipart_params' => $params,
);
$settings = apply_filters( 'plupload_default_settings', $settings );
$params = array(
'action' => 'upload-attachment',
);
$params = apply_filters( 'plupload_default_params', $params );
$params['_wpnonce'] = wp_create_nonce( 'media-form' );
$settings['multipart_params'] = $params;
$script = 'var wpPluploadDefaults = ' . json_encode( $settings ) . ';';
$data = $wp_scripts->get_data( 'wp-plupload', 'data' );