Make WordPress Core

Changeset 18365


Timestamp:
06/28/2011 09:44:56 PM (14 years ago)
Author:
ryan
Message:

Perform a cap check on attachments in media_upload_form_handler(). For trunk

File:
1 edited

  • trunk/wp-admin/includes/media.php

    r18346 r18365  
    437437    if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
    438438        $post = $_post = get_post($attachment_id, ARRAY_A);
     439        $post_type_object = get_post_type_object( $post[ 'post_type' ] );
     440
     441        if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
     442            continue;
     443
    439444        if ( isset($attachment['post_content']) )
    440445            $post['post_content'] = $attachment['post_content'];
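
Review bot: at new lines 439-441, `$post_type_object` is dereferenced without first checking that `get_post()` returned a post. `$attachment_id` is a key of `$_POST['attachments']`, so a request can name an ID that does not exist or whose post type is not registered. In that case `get_post()` returns null, `get_post_type_object()` returns null, and `$post_type_object->cap->edit_post` is read on a non-object before `current_user_can()` can reject the item. Suggest skipping the iteration ahead of the capability check, for example `if ( empty( $post ) || ! $post_type_object ) continue;`, and casting `$attachment_id` to an integer before it is used. The bare `continue` on a failed check also drops the item silently, so a short comment stating that unauthorized attachments are skipped on purpose would help the next reader.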