Conflict between VU#520827 and TinyMCE

  • There appears to be a conflict between the fix in Cert Vulnerability Note VU#520827 and TinyMCE. The Cert advisory suggest one add this to their .htaccess file

    RewriteCond %{QUERY_STRING} ^[^=]*$
    RewriteCond %{QUERY_STRING} %2d|\- [NC]
    RewriteRule .? – [F,L]

    This conflicts with wordpress/wp-includes/class-wp-editor.php where ‘cache_suffix’ => ‘wp-mce-‘ . $GLOBALS[‘tinymce_version’], resulting in a 403 Forbidden HTTP status code.

    Per various web searches, there appear to be many others having this issue. I suggest changing the cache_suffix to something not in conflict with the .htaccess rule in the Cert advisory. This should be a simple and unobtrusive change.

    ‘cache_suffix’ => ‘wpmce’ . $GLOBALS[‘tinymce_version’],

Viewing 1 replies (of 1 total)

  • Having issues with this as well. Solved it for now by adding this in functions.php.

    function my_format_TinyMCE( $in ) {
    $in[‘cache_suffix’] = ‘ver=wp-mc-‘.$GLOBALS[‘tinymce_version’];
    return $in;
    }
    add_filter( ‘tiny_mce_before_init’, ‘my_format_TinyMCE’ );

Viewing 1 replies (of 1 total)
  • The topic ‘Conflict between VU#520827 and TinyMCE’ is closed to new replies.