
Ticket #25849: 25849-01.patch

File 25849-01.patch, 3.7 KB (added by gcorne, 10 years ago)
  • src/wp-admin/async-upload.php

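diff --git src/wp-admin/async-upload.php src/wp-admin/async-upload.php
index add6164..763302e 100644
--- a/src/wp-admin/async-upload.php
+++ b/src/wp-admin/async-upload.php
@@ -32,11 +32,6 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio
 
 require_once( ABSPATH . 'wp-admin/admin.php' );
 
-if ( !current_user_can('upload_files') )
-        wp_die(__('You do not have permission to upload files.'));
-
-header('Content-Type: text/html; charset=' . get_option('blog_charset'));
-
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
         include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 
@@ -47,6 +42,11 @@ if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action']
         die( '0' );
 }
 
+if ( !current_user_can('upload_files') )
+        wp_die(__('You do not have permission to upload files.'));
+
+header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+
 // just fetch the detail form for that attachment
 if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
         $post = get_post( $id );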
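Review bot: With the `current_user_can('upload_files')` check moved below the `upload-attachment` branch (new lines 45-46), that branch no longer has a capability check of its own in this file and relies entirely on the handler it dispatches to after including `ajax-actions.php`. The branch ends in `die( '0' )`, so the relocated check is never reached for that action. The lines between new 37 and 42 are outside the hunk, so the dispatch is presumably to `wp_ajax_upload_attachment()`, which does check the capability. I would record that dependency at the branch, e.g. `// Capability checks for this action live in wp_ajax_upload_attachment(); do not add handlers here without one.` The same move drops the `text/html` Content-Type header for this branch, which suits a JSON reply only as long as the handler sets its own.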
  • src/wp-admin/includes/ajax-actions.php

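diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php
index 799ef1e..c174cd3 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -1823,13 +1823,21 @@ function wp_ajax_update_widget() {
 function wp_ajax_upload_attachment() {
         check_ajax_referer( 'media-form' );
 
-        if ( ! current_user_can( 'upload_files' ) )
-                wp_die();
+        if ( ! current_user_can( 'upload_files' ) ) {
+                wp_send_json_error( array(
+                        'message'  => __( "You don't have permission to upload files." ),
+                        'filename' => $_FILES['async-upload']['name'],
+                ) );
+        }
 
         if ( isset( $_REQUEST['post_id'] ) ) {
                 $post_id = $_REQUEST['post_id'];
-                if ( ! current_user_can( 'edit_post', $post_id ) )
-                        wp_die();
+                if ( ! current_user_can( 'edit_post', $post_id ) ) {
+                        wp_send_json_error( array(
+                                'message'  => __( "You don't have permission to attach files to this post." ),
+                                'filename' => $_FILES['async-upload']['name'],
+                        ) );
+                }
         } else {
                 $post_id = null;
         }
@@ -1840,30 +1848,21 @@ function wp_ajax_upload_attachment() {
         if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
                 $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
                 if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
-                        echo json_encode( array(
-                                'success' => false,
-                                'data'    => array(
-                                        'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-                                        'filename' => $_FILES['async-upload']['name'],
-                                )
+                        wp_send_json_error( array(
+                                'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
+                                'filename' => $_FILES['async-upload']['name'],
                         ) );
-
-                        wp_die();
                 }
         }
 
         $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
 
         if ( is_wp_error( $attachment_id ) ) {
-                echo json_encode( array(
-                        'success' => false,
-                        'data'    => array(
-                                'message'  => $attachment_id->get_error_message(),
-                                'filename' => $_FILES['async-upload']['name'],
-                        )
+                wp_send_json_error( array(
+                        'message'  => $attachment_id->get_error_message(),
+                        'filename' => $_FILES['async-upload']['name'],
                 ) );
 
-                wp_die();
         }
 
         if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
@@ -1877,12 +1876,7 @@ function wp_ajax_upload_attachment() {
         if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
                 wp_die();
 
-        echo json_encode( array(
-                'success' => true,
-                'data'    => $attachment,
-        ) );
-
-        wp_die();
+        wp_send_json_success( $attachment );
 }
 
 /**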
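Review bot: The two new permission-denied responses (new lines 1829 and 1838) read `$_FILES['async-upload']['name']` before anything has confirmed that a file part was sent, so a request with a valid nonce but no upload raises an undefined-index notice that can corrupt the JSON body when notices are displayed. A guard such as `'filename' => isset( $_FILES['async-upload']['name'] ) ? $_FILES['async-upload']['name'] : '',` keeps the response well-formed, and the reads at new lines 1853 and 1863 could share it. That value is the client-supplied filename reflected back, so whatever renders `data.filename` should treat it as untrusted text. Separately, the unchanged `wp_die()` after a failed `wp_prepare_attachment_for_js()` (new line 1877) still answers without JSON, unlike every other failure path after this change.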