Ticket #22711: 22711.3.diff
| File 22711.3.diff, 8.4 KB (added by , 13 years ago) |
|---|
-
wp-admin/includes/ajax-actions.php
1812 1812 if ( ! $id = absint( $_REQUEST['id'] ) ) 1813 1813 wp_send_json_error(); 1814 1814 1815 if ( ! current_user_can( 'read_post',$id ) )1815 if ( ! $post = get_post( $id ) ) 1816 1816 wp_send_json_error(); 1817 1817 1818 if ( 'attachment' != $post->post_type ) 1819 wp_send_json_error(); 1820 1821 if ( ! current_user_can( 'upload_files' ) ) 1822 wp_send_json_error(); 1823 1818 1824 if ( ! $attachment = wp_prepare_attachment_for_js( $id ) ) 1819 1825 wp_send_json_error(); 1820 1826 … … 1827 1833 * @since 3.5.0 1828 1834 */ 1829 1835 function wp_ajax_query_attachments() { 1836 if ( ! current_user_can( 'upload_files' ) ) 1837 wp_send_json_error(); 1838 1830 1839 $query = isset( $_REQUEST['query'] ) ? (array) $_REQUEST['query'] : array(); 1831 1840 $query = array_intersect_key( $query, array_flip( array( 1832 1841 's', 'order', 'orderby', 'posts_per_page', 'paged', 'post_mime_type', … … 1988 1997 if ( ! $post = get_post( $id ) ) 1989 1998 wp_send_json_error(); 1990 1999 1991 if ( ! current_user_can( 'edit_post', $id ) )1992 wp_send_json_error();1993 1994 2000 if ( 'attachment' != $post->post_type ) 1995 2001 wp_send_json_error(); 1996 2002 1997 // If this attachment is unattached, attach it. Primarily a back compat thing. 1998 if ( 0 == $post->post_parent && $insert_into_post_id = intval( $_POST['post_id'] ) ) { 1999 wp_update_post( array( 'ID' => $id, 'post_parent' => $insert_into_post_id ) ); 2003 if ( current_user_can( 'edit_post', $id ) ) { 2004 // If this attachment is unattached, attach it. Primarily a back compat thing. 2005 if ( 0 == $post->post_parent && $insert_into_post_id = intval( $_POST['post_id'] ) ) { 2006 wp_update_post( array( 'ID' => $id, 'post_parent' => $insert_into_post_id ) ); 2007 } 2000 2008 } 2001 2009 2002 2010 $rel = $url = ''; -
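Review bot: In the last hunk (new lines 2003–2008) the `post_parent` written by `wp_update_post()` comes straight from `$_POST['post_id']`, and the only capability check covers the attachment `$id`, not the post it is being attached to. Appending `&& current_user_can( ... )` to the existing condition would be swallowed by the inline assignment, so I would hoist it: `$insert_into_post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;` followed by `if ( 0 == $post->post_parent && $insert_into_post_id && current_user_can( 'edit_post', $insert_into_post_id ) ) {`. With the hard `edit_post` gate removed, the visible lines of this handler contain no unconditional capability check, whereas the first two hunks add `if ( ! current_user_can( 'upload_files' ) ) wp_send_json_error();`. The handler starts outside the hunk, so confirm whether a nonce or capability check happens earlier, and add the same `upload_files` gate if not.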
wp-includes/css/media-views.css
61 61 border-color: #dfdfdf; 62 62 } 63 63 64 .media-frame input:disabled, 65 .media-frame textarea:disabled, 66 .media-frame input[readonly], 67 .media-frame textarea[readonly] { 68 background-color: #eee; 69 } 70 64 71 .media-frame input[type="search"] { 65 72 -webkit-appearance: textfield; 66 73 } … … 1230 1237 margin: 0 5px 0; 1231 1238 } 1232 1239 1233 .media-sidebar .settings-save-status .saved { 1240 .media-sidebar .settings-save-status .saved, 1241 .media-sidebar .settings-save-status .error { 1234 1242 float: right; 1235 1243 display: none; 1236 1244 } 1237 1245 1238 1246 .media-sidebar .save-waiting .settings-save-status .spinner, 1239 .media-sidebar .save-complete .settings-save-status .saved { 1247 .media-sidebar .save-complete .settings-save-status .saved, 1248 .media-sidebar .save-error .settings-save-status .error { 1240 1249 display: block; 1241 1250 } 1242 1251 -
wp-includes/js/media-models.js
219 219 // If the attachment does not yet have an `id`, return an instantly 220 220 // rejected promise. Otherwise, all of our requests will fail. 221 221 if ( _.isUndefined( this.id ) ) 222 return $.Deferred().reject ().promise();222 return $.Deferred().rejectWith( this ).promise(); 223 223 224 224 // Overload the `read` request so Attachment.fetch() functions correctly. 225 225 if ( 'read' === method ) { … … 233 233 234 234 // Overload the `update` request so properties can be saved. 235 235 } else if ( 'update' === method ) { 236 if ( ! this.get('nonces') ) 237 return $.Deferred().resolveWith( this ).promise(); 236 // If we do not have the necessary nonce, fail immeditately. 237 if ( ! this.get('nonces') || ! this.get('nonces').update ) 238 return $.Deferred().rejectWith( this ).promise(); 238 239 239 240 options = options || {}; 240 241 options.context = this; … … 286 287 saveCompat: function( data, options ) { 287 288 var model = this; 288 289 290 // If we do not have the necessary nonce, fail immeditately. 291 if ( ! this.get('nonces') || ! this.get('nonces').update ) 292 return $.Deferred().rejectWith( this ).promise(); 293 289 294 return media.post( 'save-attachment-compat', _.defaults({ 290 295 id: this.id, 291 296 nonce: this.get('nonces').update, -
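Review bot: The nonce guard `if ( ! this.get('nonces') || ! this.get('nonces').update )` is now duplicated in the `update` branch and in `saveCompat`, and both copies carry the comment typo `immeditately`. I would correct the comment to `// If we do not have the necessary nonce, fail immediately.` and consider one small helper on the model so the two paths cannot drift apart. Since the guard only short-circuits the request in the browser, the comment could also state that the server-side handler remains the authority on whether the update is allowed. Both enclosing functions start and end outside the hunks.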
wp-includes/js/media-views.js
2731 2731 }, 2732 2732 2733 2733 render: function() { 2734 var attachment = this.model.toJSON(), 2735 options = _.defaults( this.model.toJSON(), { 2734 var options = _.defaults( this.model.toJSON(), { 2736 2735 orientation: 'landscape', 2737 2736 uploading: false, 2738 2737 type: '', … … 2754 2753 if ( 'image' === options.type ) 2755 2754 options.size = this.imageSize(); 2756 2755 2756 options.can = {}; 2757 if ( options.nonces ) { 2758 options.can.remove = !! options.nonces['delete']; 2759 options.can.save = !! options.nonces.update; 2760 } 2761 2757 2762 this.views.detach(); 2758 2763 this.$el.html( this.template( options ) ); 2759 2764 … … 2942 2947 2943 2948 this.updateSave('waiting'); 2944 2949 save.requests = requests; 2945 requests. done( function() {2950 requests.always( function() { 2946 2951 // If we've performed another request since this one, bail. 2947 2952 if ( save.requests !== requests ) 2948 2953 return; 2949 2954 2950 view.updateSave( 'complete');2955 view.updateSave( requests.state() === 'resolved' ? 'complete' : 'error' ); 2951 2956 save.savedTimer = setTimeout( function() { 2952 2957 view.updateSave('ready'); 2953 2958 delete save.savedTimer; -
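Review bot: In the last hunk the `error` state set by `view.updateSave( requests.state() === 'resolved' ? 'complete' : 'error' )` is followed by the same `save.savedTimer` timeout that resets the status to `ready`, so a failed save is shown only as briefly as a successful one and can be missed. I would start the timer only on success, e.g. guard it with `if ( requests.state() === 'resolved' ) { … }`, or keep the error visible until the next save attempt. The timeout's duration and the rest of the function are outside the hunk, so this should be checked against the full `save` method.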
wp-includes/media.php
1334 1334 'icon' => wp_mime_type_icon( $attachment->ID ), 1335 1335 'dateFormatted' => mysql2date( get_option('date_format'), $attachment->post_date ), 1336 1336 'nonces' => array( 1337 'update' => wp_create_nonce( 'update-post_' . $attachment->ID ),1338 'delete' => wp_create_nonce( 'delete-post_' . $attachment->ID ),1337 'update' => false, 1338 'delete' => false, 1339 1339 ), 1340 1340 ); 1341 1341 1342 if ( current_user_can( 'edit_post', $attachment->ID ) ) 1343 $response['nonces']['update'] = wp_create_nonce( 'update-post_' . $attachment->ID ); 1344 1345 if ( current_user_can( 'delete_post', $attachment->ID ) ) 1346 $response['nonces']['delete'] = wp_create_nonce( 'delete-post_' . $attachment->ID ); 1347 1342 1348 if ( $meta && 'image' === $type ) { 1343 1349 $sizes = array(); 1344 1350 $possible_sizes = apply_filters( 'image_size_names_choose', array( … … 1672 1678 <span class="settings-save-status"> 1673 1679 <span class="spinner"></span> 1674 1680 <span class="saved"><?php esc_html_e('Saved.'); ?></span> 1681 <span class="error"><?php esc_html_e('Error'); ?></span> 1675 1682 </span> 1676 1683 </h3> 1677 1684 <div class="attachment-info"> … … 1690 1697 <# if ( 'image' === data.type && ! data.uploading && data.width && data.height ) { #> 1691 1698 <div class="dimensions">{{ data.width }} × {{ data.height }}</div> 1692 1699 <# } #> 1693 <# if ( ! data.uploading ) { #>1700 <# if ( ! data.uploading && data.can.remove ) { #> 1694 1701 <div class="delete-attachment"> 1695 1702 <a href="#"><?php _e( 'Delete Permanently' ); ?></a> 1696 1703 </div> … … 1703 1710 </div> 1704 1711 </div> 1705 1712 1706 <# if ( 'image' === data.type ) { #> 1713 <# 1714 var maybeReadOnly = data.can.save ? 
'' : 'readonly'; 1715 if ( 'image' === data.type ) { #> 1707 1716 <label class="setting" data-setting="title"> 1708 1717 <span><?php _e('Title'); ?></span> 1709 <input type="text" value="{{ data.title }}" />1718 <input type="text" value="{{ data.title }}" {{ maybeReadOnly }} /> 1710 1719 </label> 1711 1720 <label class="setting" data-setting="caption"> 1712 1721 <span><?php _e('Caption'); ?></span> 1713 <textarea 1722 <textarea {{ maybeReadOnly }} 1714 1723 placeholder="<?php esc_attr_e('Describe this image…'); ?>" 1715 1724 >{{ data.caption }}</textarea> 1716 1725 </label> 1717 1726 <label class="setting" data-setting="alt"> 1718 1727 <span><?php _e('Alt Text'); ?></span> 1719 <input type="text" value="{{ data.alt }}" />1728 <input type="text" value="{{ data.alt }}" {{ maybeReadOnly }} /> 1720 1729 </label> 1721 1730 <# } else { #> 1722 1731 <label class="setting" data-setting="title"> 1723 1732 <span><?php _e('Title'); ?></span> 1724 <input type="text" value="{{ data.title }}" 1733 <input type="text" value="{{ data.title }}" {{ maybeReadOnly }} 1725 1734 <# if ( 'video' === data.type ) { #> 1726 1735 placeholder="<?php esc_attr_e('Describe this video…'); ?>" 1727 1736 <# } else if ( 'audio' === data.type ) { #>
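Review bot: The `update` and `delete` nonces are now withheld when `current_user_can()` fails, and the template keys `readonly` and the delete link off them, but a nonce is a request-forgery token rather than an authorization decision and a `readonly` attribute is only a presentation hint. The save and delete AJAX handlers are not shown in this section, so it is worth confirming that they still call `current_user_can( 'edit_post', $id )` and `current_user_can( 'delete_post', $id )` themselves. I would also add a comment above the two new checks, e.g. `// Nonces are only issued for actions the current user may perform; the handlers must still re-check the capability.` The enclosing function and the template both start and end outside the hunks.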