Ticket #22572: 22572.3.patch

File 22572.3.patch, 2.4 KB (added by ocean90, 3 years ago)
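--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -2166,9 +2166,15 @@
  * @since 2.6.0
  */
 function media_upload_flash_bypass() {
+        $browser_uploader = admin_url( 'media-new.php?browser-uploader' );
+
+        $post = get_post();
+        if ( ! empty( $post ) )
+                $browser_uploader = add_query_arg( 'post_id', $post->ID, $browser_uploader );
+
         ?>
         <p class="upload-flash-bypass">
-        <?php printf( __( 'You are using the multi-file uploader. Problems? Try the <a href="%1$s" target="%2$s">browser uploader</a> instead.' ), admin_url( 'media-new.php?browser-uploader' ), '_blank' ); ?>
+        <?php printf( __( 'You are using the multi-file uploader. Problems? Try the <a href="%1$s" target="%2$s">browser uploader</a> instead.' ), $browser_uploader, '_blank' ); ?>
         </p>
         <?php
 }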
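Review bot: `$browser_uploader` is printed into the `href` attribute without escaping at the `printf()` call. It is built here from `admin_url()` and an integer post ID, so nothing attacker-controlled is visible in this function, but URLs that pass through `add_query_arg()` are conventionally escaped at output. Passing `esc_url( $browser_uploader )` as the printf argument keeps the markup safe if the way the URL is built changes later. The function's docblock starts above this section.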
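--- a/wp-admin/media-new.php
+++ b/wp-admin/media-new.php
@@ -17,19 +17,25 @@
 
 wp_enqueue_script('plupload-handlers');
 
-unset( $_REQUEST['post_id'] );
+$post_id = ! empty( $_REQUEST['post_id'] ) ? (int) $_REQUEST['post_id'] : 0;
 
 if ( $_POST ) {
+        if ( ! empty( $post_id ) && ! current_user_can( 'edit_post' , $post_id ) )
+                wp_die( __( 'Cheatin&#8217; uh?' ) );
+
         $location = 'upload.php';
         if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
                 check_admin_referer('media-form');
                 // Upload File button was clicked
-                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
+                $id = media_handle_upload('async-upload', $post_id);
                 if ( is_wp_error( $id ) )
                         $location .= '?message=3';
         }
         wp_redirect( admin_url( $location ) );
         exit;
+} else if ( ! empty( $post_id ) ) {
+        // post_id is only allowed for browser upload
+        wp_die( __( 'Cheatin&#8217; uh?' ) );
 }
 
 $title = __('Upload New Media');
@@ -68,9 +74,9 @@
         <?php media_upload_form(); ?>
 
         <script type="text/javascript">
-        var post_id = 0, shortform = 3;
+        var post_id = <?php echo $post_id; ?>, shortform = 3;
         </script>
-        <input type="hidden" name="post_id" id="post_id" value="0" />
+        <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
         <?php wp_nonce_field('media-form'); ?>
         <div id="media-items" class="hide-if-no-js"></div>
         </form>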
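Review bot: The added `else if ( ! empty( $post_id ) )` branch calls `wp_die()` on every non-POST request that carries `post_id`, although its comment says `post_id` is allowed for the browser uploader; nothing in the condition tests `browser-uploader`. That appears to reject the link the media.php section builds (`media-new.php?browser-uploader&post_id=…`), and it means the two `echo $post_id` outputs in the second hunk can only ever print 0. The `edit_post` capability check is also reachable only inside `if ( $_POST )`, so I would run it once before that block, as `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) wp_die( __( 'Cheatin&#8217; uh?' ) );`, and drop the else branch. Reading the value with `absint( $_REQUEST['post_id'] )` instead of the `(int)` cast would also keep negative ids out of the script variable and the hidden field.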