Changeset 7827


Timestamp:
04/25/08 15:01:02 (6 years ago)
Author:
ryan
Message:

Add cap checks. see #6838

File:
1 edited

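--- a/trunk/wp-admin/media.php
+++ b/trunk/wp-admin/media.php
@@ -12,4 +12,10 @@
     $errors = media_upload_form_handler();
     $attachment_id = (int) $_POST['attachment_id'];
+
+    check_admin_referer('media-form');
+
+    if ( !current_user_can('edit_post', $attachment_id) )
+        wp_die ( __('You are not allowed to edit this attachment.') );
+
     if ( empty($errors) ) {
         $location = 'media.php';
@@ -40,4 +46,8 @@
     }
     $att_id = (int) $_GET['attachment_id'];
+
+    if ( !current_user_can('edit_post', $att_id) )
+        wp_die ( __('You are not allowed to edit this attachment.') );
+
     $att = get_post($att_id);
 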
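Review bot: The nonce and capability checks added at new lines 15–18 run after `$errors = media_upload_form_handler();` on line 12, so the posted form appears to be handled before the request is authorized. The handler's body is not visible here, but its name and the `$errors` return suggest it processes the submission; if it also writes, the `wp_die()` only blocks the redirect that follows. Move the handler call below the checks, so the order is `$attachment_id = (int) $_POST['attachment_id'];`, then `check_admin_referer('media-form');` and the `current_user_can('edit_post', $attachment_id)` guard, then `$errors = media_upload_form_handler();`. The check added in the second hunk (new lines 49–50) already precedes `get_post($att_id)`, which is the right order. The enclosing block starts and ends outside both hunks.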