Change the default version of dependencies

By default, all dependencies without defined version use the WP one instead. It's not a bad idea but as it's a good practice to hide the WP version, it becomes a "security issue". To be sure to don't find WP version into dependency URLs, we modify default dependency version at the source to be sure to impact a maximum of cases (e.g.: `_print_styles` from `wp-login.php`).
7studio · Mar 8, 2017 · 601cb1b · 601cb1b
1 parent 60a68fa
commit 601cb1b
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/functions.php b/functions.php
@@ -554,6 +554,21 @@ function thistle_enqueue_assets() {
 }
 add_action( 'wp_enqueue_scripts', 'thistle_enqueue_assets' );
 
+if ( ! function_exists( 'thistle_change_dependencies_default_version' ) ) {
+    /**
+     * Transforms the default version of dependencies to hide the WP version in URLs.
+     *
+     * @param WP_Styles|WP_Scripts $dependencies WP_Dependencies instance, passed by reference.
+     */
+    function thistle_change_dependencies_default_version( $dependencies ) {
+        if ( ! is_admin() ) {
+            $dependencies->default_version = md5( ABSPATH . '/wp-version/' . $dependencies->default_version );
+        }
+    }
+}
+add_action( 'wp_default_styles', 'thistle_change_dependencies_default_version', PHP_INT_MAX );
+add_action( 'wp_default_scripts', 'thistle_change_dependencies_default_version', PHP_INT_MAX );
+
 
 
 require_once THISTLE_PATH . '/includes/attachment.php';