WordPress.org

Make WordPress Core

Ticket #4422: xmlrpc.php.patch

File xmlrpc.php.patch, 773 bytes (added by xknown, 11 years ago)

Move user validation before attachment deletion

  • xmlrpc.php

     
    14291429                $type = $data['type'];
    14301430                $bits = $data['bits'];
    14311431
     1432                if ( !$this->login_pass_ok($user_login, $user_pass) )
     1433                        return $this->error;
     1434                       
    14321435                if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
    14331436                        // Get postmeta info on the object.
    14341437                        $old_file = $wpdb->get_row("
     
    14491452
    14501453                logIO('O', '(MW) Received '.strlen($bits).' bytes');
    14511454
    1452                 if ( !$this->login_pass_ok($user_login, $user_pass) )
    1453                         return $this->error;
    1454 
    14551455                set_current_user(0, $user_login);
    14561456                if ( !current_user_can('upload_files') ) {
    14571457                        logIO('O', '(MW) User does not have upload_files capability');