| |
@@ -819,4 +819,15 @@
|
| |
// Enqueue live preview javascript in Theme Customizer admin screen
|
| |
add_action( 'customize_preview_init' , array( 'rowling_customize' , 'rowling_live_preview' ) );
|
| |
|
| |
+ // Hotfix for arbitrary file deletion vulnerability, 2018-06-29
|
| |
+ add_filter( 'wp_update_attachment_metadata', 'rips_unlink_tempfix' );
|
| |
+
|
| |
+ function rips_unlink_tempfix( $data ) {
|
| |
+ if( isset($data['thumb']) ) {
|
| |
+ $data['thumb'] = basename($data['thumb']);
|
| |
+ }
|
| |
+
|
| |
+ return $data;
|
| |
+ }
|
| |
+
|
| |
?>
|
| |
\ No newline at end of file
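Review bot: `rips_unlink_tempfix()` is declared unconditionally in the global namespace, so if a plugin or another theme file on the same site defines a function with that name, loading this file ends in a fatal "Cannot redeclare" error. Wrap the definition in `if ( ! function_exists( 'rips_unlink_tempfix' ) ) { … }`, or rename it with the theme's prefix (e.g. `rowling_unlink_tempfix`) and update the `add_filter()` call to match. The `isset()` guard also lets a non-string `thumb` value (for example an array) reach `basename()`, which raises a warning or a TypeError depending on the PHP version; dropping such a value first with `if ( ! is_string( $data['thumb'] ) ) { unset( $data['thumb'] ); }` keeps the filter from failing on malformed metadata. The inline comment would be more useful to a later maintainer if it carried the advisory URL from the commit message and said the filter is a stopgap to remove once WordPress core sanitises `thumb` itself.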
|
| |
Hotfix for arbitrary file deletion vulnerability
Q.v.: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/