Index: wp-admin/tools.php =================================================================== --- wp-admin/tools.php (revision 10854) +++ wp-admin/tools.php (working copy) @@ -77,7 +77,7 @@ } ?> - +

Index: wp-admin/press-this.php =================================================================== --- wp-admin/press-this.php (revision 10854) +++ wp-admin/press-this.php (working copy) @@ -10,7 +10,7 @@ require_once('admin.php'); header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); -if ( ! current_user_can('publish_posts') ) wp_die( __( 'Cheatin’ uh?' ) ); +if ( ! current_user_can('edit_posts') ) wp_die( __( 'Cheatin’ uh?' ) ); /** * Replace forward slash with backslash and slash. @@ -64,16 +64,14 @@ $post_ID = wp_insert_post($quick, true); $content = $_REQUEST['content']; - if($_REQUEST['photo_src']) + if( $_REQUEST['photo_src'] && current_user_can('upload_files') ) foreach( (array) $_REQUEST['photo_src'] as $key => $image) // see if files exist in content - we don't want to upload non-used selected files. if( strpos($_REQUEST['content'], $image) !== false ) { $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]); - - // Replace the POSTED content with correct uploaded ones. - // escape quote for matching - $quoted = preg_quote2($image); - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=(\"|\')'.$quoted.'(\2)([^>\/]*)\/*>/is', $upload, $content); + + // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes + if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote2($image).'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); } // set the post_content and status @@ -461,7 +459,22 @@
- + +
+

+
+

+ + + + +

+ + +

+
+
+

@@ -502,16 +515,6 @@

-
-

-
-

- - - -

-
-
@@ -530,9 +533,11 @@