WordPress.org

Make WordPress Core

Changeset 21087


Ignore:
Timestamp:
06/15/12 17:52:59 (3 years ago)
Author:
markjaquith
Message:

Restrict post IDs

Backports [21048] for the 3.3 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.3/wp-admin/media-upload.php

    r19528 r21087  
    3737    $errors = array(); 
    3838 
     39    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) 
     40        wp_die( __( 'Cheatin’ uh?' ) ); 
     41 
    3942    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
    4043        check_admin_referer('media-form'); 
     
    5861        exit; 
    5962    } 
     63 
     64    if ( isset( $_REQUEST['post_id'] ) ) 
     65        wp_die( __( 'Cheatin’ uh?' ) ); 
    6066 
    6167    $title = __('Upload New Media'); 
     
    116122 
    117123} else { 
     124    if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) 
     125        wp_die( __( 'Cheatin’ uh?' ) ); 
    118126 
    119127    // upload type: image, video, file, ..? 
Note: See TracChangeset for help on using the changeset viewer.