WordPress.org

Make WordPress Core

Ticket #22572: 22572.2.diff

File 22572.2.diff, 2.2 KB (added by nacin, 5 years ago)
  • wp-admin/media-new.php

     
    1717
    1818wp_enqueue_script('plupload-handlers');
    1919
    20 unset( $_REQUEST['post_id'] );
     20$post_id = 0;
     21if ( isset( $_REQUEST['post_id'] ) ) {
     22        $post_id = absint( $_REQUEST['post_id'] );
     23        if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
     24                $post_id = 0;
     25}
    2126
    2227if ( $_POST ) {
    2328        $location = 'upload.php';
    2429        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
    2530                check_admin_referer('media-form');
    2631                // Upload File button was clicked
    27                 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
     32                $id = media_handle_upload( 'async-upload', $post_id );
    2833                if ( is_wp_error( $id ) )
    2934                        $location .= '?message=3';
    3035        }
     
    6873        <?php media_upload_form(); ?>
    6974
    7075        <script type="text/javascript">
    71         var post_id = 0, shortform = 3;
     76        var post_id = <?php echo $post_id; ?>, shortform = 3;
    7277        </script>
    73         <input type="hidden" name="post_id" id="post_id" value="0" />
     78        <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
    7479        <?php wp_nonce_field('media-form'); ?>
    7580        <div id="media-items" class="hide-if-no-js"></div>
    7681        </form>
  • wp-admin/includes/media.php

     
    21662166 * @since 2.6.0
    21672167 */
    21682168function media_upload_flash_bypass() {
     2169        $browser_uploader = admin_url( 'media-new.php?browser-uploader' );
     2170
     2171        if ( $post = get_post() )
     2172                $browser_uploader .= '&amp;post_id=' . intval( $post->ID );
     2173        elseif ( ! empty( $GLOBALS['post_ID'] ) )
     2174                $browser_uploader .= '&amp;post_id=' . intval( $GLOBALS['post_ID'] );
     2175
    21692176        ?>
    21702177        <p class="upload-flash-bypass">
    2171         <?php printf( __( 'You are using the multi-file uploader. Problems? Try the <a href="%1$s" target="%2$s">browser uploader</a> instead.' ), admin_url( 'media-new.php?browser-uploader' ), '_blank' ); ?>
     2178        <?php printf( __( 'You are using the multi-file uploader. Problems? Try the <a href="%1$s" target="%2$s">browser uploader</a> instead.' ), $browser_uploader, '_blank' ); ?>
    21722179        </p>
    21732180        <?php
    21742181}