WordPress.org
Get WordPress

Make WordPress Core

Changeset 21087


Ignore:
Timestamp:
06/15/2012 05:52:59 PM (13 years ago)
Author:
markjaquith
Message:

Restrict post IDs

Backports [21048] for the 3.3 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/3.3/wp-admin/media-upload.php

    r19528 r21087  
    3737    $errors = array();
    3838
     39    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
     40        wp_die( __( 'Cheatin’ uh?' ) );
     41
    3942    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
    4043        check_admin_referer('media-form');
     
    5861        exit;
    5962    }
     63
     64    if ( isset( $_REQUEST['post_id'] ) )
     65        wp_die( __( 'Cheatin’ uh?' ) );
    6066
    6167    $title = __('Upload New Media');
     
    116122
    117123} else {
     124    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
     125        wp_die( __( 'Cheatin’ uh?' ) );
    118126
    119127    // upload type: image, video, file, ..?
Note: See TracChangeset for help on using the changeset viewer.