
Changeset 7827


Timestamp:
04/25/2008 03:01:02 PM (10 years ago)
Author:
ryan
Message:

Add cap checks. see #6838

File:
1 edited

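--- a/trunk/wp-admin/media.php
+++ b/trunk/wp-admin/media.php
@@ -12,4 +12,10 @@
     $errors = media_upload_form_handler();
     $attachment_id = (int) $_POST['attachment_id'];
+
+    check_admin_referer('media-form');
+
+    if ( !current_user_can('edit_post', $attachment_id) )
+        wp_die ( __('You are not allowed to edit this attachment.') );
+
     if ( empty($errors) ) {
         $location = 'media.php';
@@ -40,4 +46,8 @@
     }
     $att_id = (int) $_GET['attachment_id'];
+
+    if ( !current_user_can('edit_post', $att_id) )
+        wp_die ( __('You are not allowed to edit this attachment.') );
+
     $att = get_post($att_id);
 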
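Review bot: In the first hunk the nonce and capability checks (new lines 15–18) run only after `media_upload_form_handler()` has already been called on new line 12, so if that handler performs the write, as its name and the `$errors` result suggest, a request that fails the checks is rejected only after it has been processed. Moving `$attachment_id = (int) $_POST['attachment_id'];`, `check_admin_referer('media-form');` and the `current_user_can('edit_post', $attachment_id)` guard above the handler call would make the checks actually gate the write. The handler's body is outside this diff, so it cannot be confirmed here whether it verifies the nonce or a per-attachment capability itself; if it acts on ids other than `$_POST['attachment_id']`, the capability check belongs inside it as well. The second hunk has the right order (check before `get_post($att_id)`); the enclosing block starts and ends outside both hunks.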