Changeset 18366

Timestamp:

06/28/2011 09:45:31 PM (14 years ago)

Author:

ryan

Message:

Perform a cap check on attachments in media_upload_form_handler(). For 3.1

File:

• branches/3.1/wp-admin/includes/media.php (modified) (1 diff)

branches/3.1/wp-admin/includes/media.php

@@ -428 +428 @@
     if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
         $post = $_post = get_post($attachment_id, ARRAY_A);
+        $post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+        if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+            continue;
+
         if ( isset($attachment['post_content']) )
             $post['post_content'] = $attachment['post_content'];