WordPress.org

Make WordPress Core

Changeset 5671


Ignore:
Timestamp:
06/08/07 17:07:59 (8 years ago)
Author:
rob1n
Message:

Check the user before overwriting the attachment. Props xknown and Joseph Scott. fixes #4422

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/xmlrpc.php

    r5662 r5671  
    14301430        $bits = $data['bits']; 
    14311431 
     1432        logIO('O', '(MW) Received '.strlen($bits).' bytes'); 
     1433 
     1434        if ( !$this->login_pass_ok($user_login, $user_pass) ) 
     1435            return $this->error; 
     1436 
     1437        set_current_user(0, $user_login); 
     1438        if ( !current_user_can('upload_files') ) { 
     1439            logIO('O', '(MW) User does not have upload_files capability'); 
     1440            $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); 
     1441            return $this->error; 
     1442        } 
     1443 
     1444        if ( $upload_err = apply_filters( "pre_upload_error", false ) ) 
     1445            return new IXR_Error(500, $upload_err); 
     1446 
    14321447        if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { 
    14331448            // Get postmeta info on the object. 
     
    14471462            $name = "wpid{$old_file->ID}-{$filename}"; 
    14481463        } 
    1449  
    1450         logIO('O', '(MW) Received '.strlen($bits).' bytes'); 
    1451  
    1452         if ( !$this->login_pass_ok($user_login, $user_pass) ) 
    1453             return $this->error; 
    1454  
    1455         set_current_user(0, $user_login); 
    1456         if ( !current_user_can('upload_files') ) { 
    1457             logIO('O', '(MW) User does not have upload_files capability'); 
    1458             $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.')); 
    1459             return $this->error; 
    1460         } 
    1461  
    1462         if ( $upload_err = apply_filters( "pre_upload_error", false ) ) 
    1463             return new IXR_Error(500, $upload_err); 
    14641464 
    14651465        $upload = wp_upload_bits($name, $type, $bits, $overwrite); 
Note: See TracChangeset for help on using the changeset viewer.