[wp-trac] [WordPress Trac] #42964: Vuln Javascript with admin
WordPress Trac
noreply at wordpress.org
Fri Dec 22 07:36:11 UTC 2017
#42964: Vuln Javascript with admin
--------------------------+----------------------
Reporter: trungnd51 | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 4.9.1
Severity: normal | Resolution: invalid
Keywords: | Focuses:
--------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hi @trungnd51,
You'll need to insert the `define( 'DISALLOW_UNFILTERED_HTML', true );`
line above the line which reads `That's all, Stop editing!` for it to take
effect.
Currently it's being defined effectively after WordPress is run.
Next, in future, please take note of the warnings before submitting an
issue to trac, you would've triggered a warning about not submitting
potential security vulnerabilities here, thankfully this isn't one,
however in future please follow the steps in the link you posted on how to
submit a security issue.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42964#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
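
A way to check a config file for the placement problem described in the comment above. This is an added example, not part of the original ticket or WordPress code. It assumes a standard `wp-config.php` that loads WordPress by including `wp-settings.php`; the function name and sample configs are constructed for illustration.

```python
import re

# Line that boots WordPress in a standard wp-config.php (assumed layout).
BOOT_RE = re.compile(r"^\s*require(_once)?\b.*wp-settings\.php")
# define( 'NAME', ... ) at the start of a line; captures NAME.
DEFINE_RE = re.compile(r"""^\s*define\s*\(\s*['"]([A-Za-z0-9_]+)['"]""")

def late_defines(config_text):
    """Return [(line_no, constant)] for define() calls placed after the
    wp-settings.php include, where they are set after WordPress has run."""
    # Blank out /* ... */ comments but keep newlines so line numbers stay valid.
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  config_text, flags=re.S)
    booted = False
    late = []
    for no, line in enumerate(text.splitlines(), 1):
        if not booted:
            booted = bool(BOOT_RE.match(line))
            continue
        m = DEFINE_RE.match(line)
        if m:
            late.append((no, m.group(1)))
    return late

# Constructed sample: the constant is appended at the end of the file.
SAMPLE_BAD = """<?php
define( 'DB_NAME', 'example_db' );
/* That's all, stop editing! Happy blogging. */
if ( ! defined( 'ABSPATH' ) )
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
require_once( ABSPATH . 'wp-settings.php' );
define( 'DISALLOW_UNFILTERED_HTML', true );
"""

# Constructed sample: the constant sits above the "stop editing" line.
SAMPLE_GOOD = """<?php
define( 'DB_NAME', 'example_db' );
define( 'DISALLOW_UNFILTERED_HTML', true );
/* That's all, stop editing! Happy blogging. */
if ( ! defined( 'ABSPATH' ) )
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
require_once( ABSPATH . 'wp-settings.php' );
"""

if __name__ == "__main__":
    for name, cfg in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, late_defines(cfg))
```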