Make WordPress Core

Changeset 3456


Ignore:
Timestamp:
01/18/2006 07:16:31 PM (19 years ago)
Author:
ryan
Message:

Check upload_files cap for inline uploader. Props David House and doit-cu. fixes #2302

Location:
trunk/wp-admin
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-form-advanced.php

    r3415 r3456  
    219219
    220220<?php
    221 $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
    222 $uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
    223 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
    224 if ( false != $uploading_iframe_src )
    225     echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
     221if (current_user_can('upload_files')) {
     222    $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
     223    $uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
     224    $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
     225    if ( false != $uploading_iframe_src )
     226        echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
     227}
    226228?>
    227229
  • trunk/wp-admin/edit-page-form.php

    r3434 r3456  
    185185
    186186<?php
    187 $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
    188 $uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
    189 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
    190 if ( false != $uploading_iframe_src )
    191     echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
     187if (current_user_can('upload_files')) {
     188    $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
     189    $uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
     190    $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
     191    if ( false != $uploading_iframe_src )
     192        echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
     193}
    192194?>
    193195
  • trunk/wp-admin/inline-uploading.php

    r3439 r3456  
    55header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    66
    7 if (!current_user_can('edit_posts'))
    8     die(__('You do not have permission to edit posts.'));
     7if (!current_user_can('upload_files'))
     8    die(__('You do not have permission to upload files.'));
    99
    1010$wpvarstoreset = array('action', 'post', 'all', 'last', 'link', 'sort', 'start', 'imgtitle', 'descr', 'attachment');
Note: See TracChangeset for help on using the changeset viewer.