
Changeset 30354


Timestamp:
11/16/2014 05:46:35 AM (10 years ago)
Author:
johnbillion
Message:

Add some specific JSON responses when there are user permission errors for AJAX file uploads. Replace some usage of wp_json_encode() with wp_send_json_*().

See #25849
Props gcorne

Location:
trunk/src/wp-admin
Files:
2 edited

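--- a/trunk/src/wp-admin/async-upload.php
+++ b/trunk/src/wp-admin/async-upload.php
@@ -33,9 +33,4 @@
 require_once( ABSPATH . 'wp-admin/admin.php' );
 
-if ( !current_user_can('upload_files') )
-    wp_die(__('You do not have permission to upload files.'));
-
-header('Content-Type: text/html; charset=' . get_option('blog_charset'));
-
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
@@ -47,4 +42,10 @@
     die( '0' );
 }
+
+if ( ! current_user_can( 'upload_files' ) ) {
+    wp_die( __( 'You do not have permission to upload files.' ) );
+}
+
+header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
 
 // just fetch the detail form for that attachment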
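Review bot: The file-level `upload_files` guard now runs only after the `upload-attachment` branch has exited, so that branch relies entirely on the included AJAX handler for authorization. The ajax-actions.php part of this changeset does show a `current_user_can( 'upload_files' )` check after `check_ajax_referer( 'media-form' )`, but nothing in this file records that dependency. I would add a comment above the `if ( isset( $_REQUEST['action'] ) ...` line, such as `// No capability check here: the AJAX handler performs it so the failure can be returned as JSON.`, so later code added to the branch is not assumed to run for authorized users only. The lines between the `include` and `die( '0' )` are elided in this view, so it is worth confirming that nothing there acts on the request before the handler's own check.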
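--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -1834,11 +1834,19 @@
     check_ajax_referer( 'media-form' );
 
-    if ( ! current_user_can( 'upload_files' ) )
-        wp_die();
+    if ( ! current_user_can( 'upload_files' ) ) {
+        wp_send_json_error( array(
+            'message'  => __( "You don't have permission to upload files." ),
+            'filename' => $_FILES['async-upload']['name'],
+        ) );
+    }
 
     if ( isset( $_REQUEST['post_id'] ) ) {
         $post_id = $_REQUEST['post_id'];
-        if ( ! current_user_can( 'edit_post', $post_id ) )
-            wp_die();
+        if ( ! current_user_can( 'edit_post', $post_id ) ) {
+            wp_send_json_error( array(
+                'message'  => __( "You don't have permission to attach files to this post." ),
+                'filename' => $_FILES['async-upload']['name'],
+            ) );
+        }
     } else {
         $post_id = null;
@@ -1851,13 +1859,8 @@
         $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
         if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
-            echo wp_json_encode( array(
-                'success' => false,
-                'data'    => array(
-                    'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
-                    'filename' => $_FILES['async-upload']['name'],
-                )
+            wp_send_json_error( array(
+                'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
+                'filename' => $_FILES['async-upload']['name'],
             ) );
-
-            wp_die();
         }
     }
@@ -1866,13 +1869,8 @@
 
     if ( is_wp_error( $attachment_id ) ) {
-        echo wp_json_encode( array(
-            'success' => false,
-            'data'    => array(
-                'message'  => $attachment_id->get_error_message(),
-                'filename' => $_FILES['async-upload']['name'],
-            )
+        wp_send_json_error( array(
+            'message'  => $attachment_id->get_error_message(),
+            'filename' => $_FILES['async-upload']['name'],
         ) );
-
-        wp_die();
     }
 
@@ -1888,10 +1886,5 @@
         wp_die();
 
-    echo wp_json_encode( array(
-        'success' => true,
-        'data'    => $attachment,
-    ) );
-
-    wp_die();
+    wp_send_json_success( $attachment );
 }
 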
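Review bot: The two new permission-error responses read `$_FILES['async-upload']['name']` before anything visible in these hunks confirms that an `async-upload` part was sent. A request without a file would then raise an undefined-index notice on the very path that rejects unauthorized callers, and with error display enabled that notice would precede the JSON body. I would guard the read in both places, e.g. `'filename' => isset( $_FILES['async-upload']['name'] ) ? $_FILES['async-upload']['name'] : '',`. The filename is also client-supplied and returned verbatim, so a short comment noting that the receiving script must insert it as text rather than HTML would help. The enclosing function starts outside these hunks, so an earlier check may exist that this view does not show.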