WordPress.org

Make WordPress Core

Changeset 22902


Ignore:
Timestamp:
11/28/2012 08:17:57 PM (5 years ago)
Author:
ryan
Message:

Route uploads through async-upload.php instead of admin-ajax.php.

Props nacin, koopersmith
fixes #22622

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/async-upload.php

    r22755 r22902  
    1414    require_once('../wp-load.php');
    1515
    16 // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    17 if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
    18     $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    19 elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
    20     $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
    21 if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
    22     $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
    23 unset($current_user);
     16if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
     17    // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
     18    if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
     19        $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
     20    elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
     21        $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
     22    if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
     23        $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
     24    unset($current_user);
     25}
     26
    2427require_once('./admin.php');
     28
     29if ( !current_user_can('upload_files') )
     30    wp_die(__('You do not have permission to upload files.'));
    2531
    2632header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    2733
    28 if ( !current_user_can('upload_files') )
    29     wp_die(__('You do not have permission to upload files.'));
     34if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     35    define( 'DOING_AJAX', true );
     36    include ABSPATH . 'wp-admin/includes/ajax-actions.php';
     37
     38    send_nosniff_header();
     39    nocache_headers();
     40
     41    wp_ajax_upload_attachment();
     42    die( '0' );
     43}
    3044
    3145// just fetch the detail form for that attachment
  • trunk/wp-includes/media.php

    r22895 r22902  
    12471247        'multiple_queues'     => true,
    12481248        'max_file_size'       => $max_upload_size . 'b',
    1249         'url'                 => admin_url( 'admin-ajax.php', 'relative' ),
     1249        'url'                 => admin_url( 'async-upload.php', 'relative' ),
    12501250        'flash_swf_url'       => includes_url( 'js/plupload/plupload.flash.swf' ),
    12511251        'silverlight_xap_url' => includes_url( 'js/plupload/plupload.silverlight.xap' ),
Note: See TracChangeset for help on using the changeset viewer.