WordPress 4.7.2 Update

WordPress 4.7.2 was released on January 26, 2017. Version 4.7.2 fixes several security issues.

Summary

1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

Revised files

wp-admin/about.php
wp-admin/includes/class-wp-press-this.php
wp-admin/includes/class-wp-posts-list-table.php
wp-includes/version.php
wp-includes/class-wp-query.php
wp-includes/class-wp-comment.php
wp-includes/class-wp-term.php
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
wp-includes/class-wp-post.php
wp-includes/rest-api.php

(End)

Copyright notice: unless otherwise noted, all content is original; reposts must credit the source.
Permalink: http://www.wptoutiao.com/news/133.html