WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/10/12 17:37:49 (3 years ago)
Author:
ryan
Message:

Restrict post IDs

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/media-upload.php

    r20676 r21048  
    3838    $errors = array(); 
    3939 
     40    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) 
     41        wp_die( __( 'Cheatin’ uh?' ) ); 
     42 
    4043    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
    4144        check_admin_referer('media-form'); 
     
    5962        exit; 
    6063    } 
     64 
     65    if ( isset( $_REQUEST['post_id'] ) ) 
     66        wp_die( __( 'Cheatin’ uh?' ) ); 
    6167 
    6268    $title = __('Upload New Media'); 
     
    117123 
    118124} else { 
     125    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) 
     126        wp_die( __( 'Cheatin’ uh?' ) ); 
    119127 
    120128    // upload type: image, video, file, ..? 
Note: See TracChangeset for help on using the changeset viewer.