Changeset 2653253

Timestamp:

01/05/2022 06:53:36 PM (4 years ago)

Author:

rinatkhaziev

Message:

Move the unsets a bit further down the execution of the filter

File:

• frontend-uploader/trunk/frontend-uploader.php (modified) (2 diffs)

frontend-uploader/trunk/frontend-uploader.php

@@ -155 +155 @@
      */
     function _get_mime_types() {
-        // Use the fallback value but explicitly discard HTML and JS to prevent a possibility of XSS:
-        // If these types are enabled in the UI they'll end up in $this->settings['enabled_files'].
         // $mime_types_orig is needed to re-map the values from the settings lib structure to core WP extension regex => mime-type format.
-        $mime_types = $mime_types_orig = wp_get_mime_types();
-        unset( $mime_types['htm|html'] );
-        unset( $mime_types['js'] );
+        $mime_types = $mime_types_orig = get_allowed_mime_types();
 
         $enabled = isset( $this->settings['enabled_files'] ) && is_array( $this->settings['enabled_files'] ) && $this->settings['enabled_files'] ? $this->settings['enabled_files'] : $mime_types;
@@ -174 +170 @@
             $enabled[ $ext_key ] = $mime_types_orig[ $ext_key ];
         }
+
+        unset( $enabled['htm|html'] );
+        unset( $enabled['js'] );
 
         /**