WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure no nonce or multipart_params get passed to the plupload_default_settings filter. see #19910. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@20187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2012-03-15 12:50:18 +00:00
parent 863a39fac1
commit 5aba8d043c
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
wp-includes/media.php
View File

@ -1452,13 +1452,6 @@ function wp_plupload_default_settings() {
$max_upload_size = wp_max_upload_size(); $max_upload_size = wp_max_upload_size();
$params = array(
'action' => 'upload-attachment',
);
$params = apply_filters( 'plupload_default_params', $params );
$params['_wpnonce'] = wp_create_nonce( 'media-form' );
$settings = array( $settings = array(
'runtimes' => 'html5,silverlight,flash,html4', 'runtimes' => 'html5,silverlight,flash,html4',
'file_data_name' => 'async-upload', // key passed to $_FILE. 'file_data_name' => 'async-upload', // key passed to $_FILE.
@ -1470,11 +1463,18 @@ function wp_plupload_default_settings() {
'filters' => array( array( 'title' => __( 'Allowed Files' ), 'extensions' => '*') ), 'filters' => array( array( 'title' => __( 'Allowed Files' ), 'extensions' => '*') ),
'multipart' => true, 'multipart' => true,
'urlstream_upload' => true, 'urlstream_upload' => true,
'multipart_params' => $params,
); );
$settings = apply_filters( 'plupload_default_settings', $settings ); $settings = apply_filters( 'plupload_default_settings', $settings );
$params = array(
'action' => 'upload-attachment',
);
$params = apply_filters( 'plupload_default_params', $params );
$params['_wpnonce'] = wp_create_nonce( 'media-form' );
$settings['multipart_params'] = $params;
$script = 'var wpPluploadDefaults = ' . json_encode( $settings ) . ';'; $script = 'var wpPluploadDefaults = ' . json_encode( $settings ) . ';';
$data = $wp_scripts->get_data( 'wp-plupload', 'data' ); $data = $wp_scripts->get_data( 'wp-plupload', 'data' );