-
Type:
Task
-
Status: CLOSED
-
Priority:
Should have
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 1.22.0
-
Labels:None
-
Story Points:4
-
Sprint:Sprint #46
-
Section:Security
-
Track:Development
An unpatched wordpress security issue was made public.
There exists a patch we could do on our own theme's functions.php file (aka, without touching wordpress).
add_filter( 'wp_update_attachment_metadata', 'rips_unlink_tempfix' );
function rips_unlink_tempfix( $data ) {
if( isset($data['thumb']) ) {
$data['thumb'] = basename($data['thumb']);
}
return $data;
}
We need to test that to see that it does not break something with our wp-stateless or with anything else in our site.
If stateless is not broken (images uploading, images thumbnails getting created etc), then we can deploy it via our own master-theme