Ticket #31037: 31037.411.diff
File 31037.411.diff, 3.9 KB (added by , 10 years ago) |
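--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -1822,82 +1822,107 @@
 */
 function wp_ajax_update_widget() {
 global $wp_customize;
 $wp_customize->widgets->wp_ajax_update_widget();
 }
 
 /**
 * Ajax handler for uploading attachments
 *
 * @since 3.3.0
 */
 function wp_ajax_upload_attachment() {
 check_ajax_referer( 'media-form' );
 
 if ( ! current_user_can( 'upload_files' ) ) {
-wp_send_json_error( array(
-'message' => __( "You don't have permission to upload files." ),
-'filename' => $_FILES['async-upload']['name'],
+echo wp_json_encode( array(
+'success' => false,
+'data' => array(
+'message' => __( "You don't have permission to upload files." ),
+'filename' => $_FILES['async-upload']['name'],
+)
 ) );
+
+wp_die();
 }
 
 if ( isset( $_REQUEST['post_id'] ) ) {
 $post_id = $_REQUEST['post_id'];
 if ( ! current_user_can( 'edit_post', $post_id ) ) {
-wp_send_json_error( array(
-'message' => __( "You don't have permission to attach files to this post." ),
-'filename' => $_FILES['async-upload']['name'],
+echo wp_json_encode( array(
+'success' => false,
+'data' => array(
+'message' => __( "You don't have permission to attach files to this post." ),
+'filename' => $_FILES['async-upload']['name'],
+)
 ) );
+
+wp_die();
 }
 } else {
 $post_id = null;
 }
 
 $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
 
 // If the context is custom header or background, make sure the uploaded file is an image.
 if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
 $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
 if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
-wp_send_json_error( array(
-'message' => __( 'The uploaded file is not a valid image. Please try again.' ),
-'filename' => $_FILES['async-upload']['name'],
+echo wp_json_encode( array(
+'success' => false,
+'data' => array(
+'message' => __( 'The uploaded file is not a valid image. Please try again.' ),
+'filename' => $_FILES['async-upload']['name'],
+)
 ) );
+
+wp_die();
 }
 }
 
 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
 
 if ( is_wp_error( $attachment_id ) ) {
-wp_send_json_error( array(
-'message' => $attachment_id->get_error_message(),
-'filename' => $_FILES['async-upload']['name'],
+echo wp_json_encode( array(
+'success' => false,
+'data' => array(
+'message' => $attachment_id->get_error_message(),
+'filename' => $_FILES['async-upload']['name'],
+)
 ) );
+
+wp_die();
 }
 
 if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
 if ( 'custom-background' === $post_data['context'] )
 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
 
 if ( 'custom-header' === $post_data['context'] )
 update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
 }
 
 if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
 wp_die();
 
-wp_send_json_success( $attachment );
+echo wp_json_encode( array(
+'success' => true,
+'data' => $attachment,
+) );
+
+wp_die();
 }
 
 /**
 * Ajax handler for image editing.
 *
 * @since 3.1.0
 */
 function wp_ajax_image_editor() {
 $attachment_id = intval($_POST['postid']);
 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
 wp_die( -1 );
 
 check_ajax_referer( "image_editor-$attachment_id" );
 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
 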
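Review bot: The client-supplied `$_FILES['async-upload']['name']` is echoed back unescaped in all four error branches of wp_ajax_upload_attachment(), and with `wp_send_json_error()` replaced by a bare `echo wp_json_encode( ... )` the response presumably no longer carries the `application/json` content type that helper sets. If a browser then treats the body as HTML, markup in a crafted filename would be rendered, because JSON encoding does not neutralise `<` and `>` by default. Escape the value where it is emitted, `'filename' => esc_html( $_FILES['async-upload']['name'] ),`, in each branch, and check whether the `message` taken from `$attachment_id->get_error_message()` can contain the filename as well. A one-line comment saying why the helper is bypassed would keep a later cleanup from reverting this without noticing the escaping requirement.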