WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/10/2012 05:37:49 PM (6 years ago)
Author:
ryan
Message:

Restrict post IDs

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/media-upload.php

    r20676 r21048  
    3838    $errors = array();
    3939
     40    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
     41        wp_die( __( 'Cheatin’ uh?' ) );
     42
    4043    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
    4144        check_admin_referer('media-form');
     
    5962        exit;
    6063    }
     64
     65    if ( isset( $_REQUEST['post_id'] ) )
     66        wp_die( __( 'Cheatin’ uh?' ) );
    6167
    6268    $title = __('Upload New Media');
     
    117123
    118124} else {
     125    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
     126        wp_die( __( 'Cheatin’ uh?' ) );
    119127
    120128    // upload type: image, video, file, ..?
Note: See TracChangeset for help on using the changeset viewer.