WordPress.org

Make WordPress Core

Changeset 5670


Ignore:
Timestamp:
06/08/07 17:06:58 (8 years ago)
Author:
rob1n
Message:

Check the user before overwriting the attachment. Props xknown and Joseph Scott. fixes #4422

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.2/xmlrpc.php

    r5650 r5670  
    14381438        $bits = $data['bits']; 
    14391439 
     1440        logIO('O', '(MW) Received '.strlen($bits).' bytes'); 
     1441 
     1442        if ( !$this->login_pass_ok($user_login, $user_pass) ) 
     1443            return $this->error; 
     1444 
     1445        set_current_user(0, $user_login); 
     1446        if ( !current_user_can('upload_files') ) { 
     1447            logIO('O', '(MW) User does not have upload_files capability'); 
     1448            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); 
     1449            return $this->error; 
     1450        } 
     1451 
     1452        if ( $upload_err = apply_filters( "pre_upload_error", false ) ) 
     1453            return new IXR_Error(500, $upload_err); 
     1454 
    14401455        if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { 
    14411456            // Get postmeta info on the object. 
     
    14551470            $name = "wpid{$old_file->ID}-{$filename}"; 
    14561471        } 
    1457  
    1458         logIO('O', '(MW) Received '.strlen($bits).' bytes'); 
    1459  
    1460         if ( !$this->login_pass_ok($user_login, $user_pass) ) 
    1461             return $this->error; 
    1462  
    1463         set_current_user(0, $user_login); 
    1464         if ( !current_user_can('upload_files') ) { 
    1465             logIO('O', '(MW) User does not have upload_files capability'); 
    1466             $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); 
    1467             return $this->error; 
    1468         } 
    1469  
    1470         if ( $upload_err = apply_filters( "pre_upload_error", false ) ) 
    1471             return new IXR_Error(500, $upload_err); 
    14721472 
    14731473        $upload = wp_upload_bits($name, $type, $bits, $overwrite); 
Note: See TracChangeset for help on using the changeset viewer.