Make WordPress Core

Ticket #40193: 40193.diff

File 40193.diff, 514 bytes (added by johnbillion, 7 years ago)
  • src/wp-admin/includes/ajax-actions.php

    diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php
    index 33276d26fa..0b4740d67f 100644
    function wp_ajax_crop_image() { 
    32193219        $attachment_id = absint( $_POST['id'] );
    32203220
    32213221        check_ajax_referer( 'image_editor-' . $attachment_id, 'nonce' );
    3222         if ( ! current_user_can( 'customize' ) ) {
     3222        if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
    32233223                wp_send_json_error();
    32243224        }
    32253225