Make WordPress Core

Ticket #19290: 19290.patch

File 19290.patch, 589 bytes (added by johnbillion, 13 years ago)
  • wp-admin/admin-ajax.php

     
    14791479        break;
    14801480case 'set-post-thumbnail':
    14811481        $post_ID = intval( $_POST['post_id'] );
    1482         if ( !current_user_can( 'edit_post', $post_ID ) )
     1482        $post_type = get_post_type( $post_ID );
     1483        $post_type_object = get_post_type_object( $post_type );
     1484        if ( !current_user_can( $post_type_object->cap->edit_post, $post_ID ) )
    14831485                die( '-1' );
    14841486        $thumbnail_id = intval( $_POST['thumbnail_id'] );
    14851487