Make WordPress Core

Changeset 22935


Ignore:
Timestamp:
11/30/2012 12:23:02 AM (11 years ago)
Author:
nacin
Message:

Verify attachment parent during upload.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.4/wp-admin/async-upload.php

    r19712 r22935  
    5050check_admin_referer('media-form');
    5151
    52 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
     52$post_id = 0;
     53if ( isset( $_REQUEST['post_id'] ) ) {
     54    $post_id = absint( $_REQUEST['post_id'] );
     55    if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
     56        $post_id = 0;
     57}
     58
     59$id = media_handle_upload( 'async-upload', $post_id );
    5360if ( is_wp_error($id) ) {
    5461    echo '<div class="error-div">
Note: See TracChangeset for help on using the changeset viewer.