Changeset 5671

Timestamp:

06/08/2007 05:07:59 PM (16 years ago)

Author:

rob1n

Message:

Check the user before overwriting the attachment. Props xknown and Joseph Scott. fixes #4422

File:

• trunk/xmlrpc.php (modified) (2 diffs)

trunk/xmlrpc.php

@@ -1430 +1430 @@
         $bits = $data['bits'];
 
+        logIO('O', '(MW) Received '.strlen($bits).' bytes');
+
+        if ( !$this->login_pass_ok($user_login, $user_pass) )
+            return $this->error;
+
+        set_current_user(0, $user_login);
+        if ( !current_user_can('upload_files') ) {
+            logIO('O', '(MW) User does not have upload_files capability');
+            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
+            return $this->error;
+        }
+
+        if ( $upload_err = apply_filters( "pre_upload_error", false ) )
+            return new IXR_Error(500, $upload_err);
+
         if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
             // Get postmeta info on the object.
@@ -1447 +1462 @@
             $name = "wpid{$old_file->ID}-{$filename}";
         }
-
-        logIO('O', '(MW) Received '.strlen($bits).' bytes');
-
-        if ( !$this->login_pass_ok($user_login, $user_pass) )
-            return $this->error;
-
-        set_current_user(0, $user_login);
-        if ( !current_user_can('upload_files') ) {
-            logIO('O', '(MW) User does not have upload_files capability');
-            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
-            return $this->error;
-        }
-
-        if ( $upload_err = apply_filters( "pre_upload_error", false ) )
-            return new IXR_Error(500, $upload_err);
 
         $upload = wp_upload_bits($name, $type, $bits, $overwrite);