To:wp-svn@lists.automattic.com From:m@wordpress.org Subject:[wp-svn] [21048] trunk/wp-admin/media-upload.php: Restrict post IDs Date:Sun, 10 Jun 2012 17:37:49 +0000 (UTC)
 

Revision
21048
Author
ryan
Date
2012-06-10 17:37:49 +0000 (Sun, 10 Jun 2012)

Log Message

Restrict post IDs

Modified Paths

Diff

Modified: trunk/wp-admin/media-upload.php (21047 => 21048)


--- trunk/wp-admin/media-upload.php	2012-06-10 16:22:55 UTC (rev 21047)
+++ trunk/wp-admin/media-upload.php	2012-06-10 17:37:49 UTC (rev 21048)
@@ -37,6 +37,9 @@
 if ( isset($_GET['inline']) ) {
 	$errors = array();
 
+	if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
+
 	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
 		check_admin_referer('media-form');
 		// Upload File button was clicked
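Review bot: The capability check added before the upload handling passes `$_REQUEST['post_id']` to `current_user_can()` as a raw string, so the value that is authorized is not guaranteed to be the value that later code acts on. `$_REQUEST` merges several inputs, and a string such as `12abc` may be interpreted differently by the check than by a later integer cast. Normalizing once keeps the check and the use on the same integer: `$post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : 0;` followed by `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) )`, with later code reading `$post_id`. The same applies to the identical check added at the top of the `else` branch in the third hunk. The `if ( isset($_GET['inline']) )` block continues outside this hunk, so how post_id is consumed afterwards is not visible here.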
@@ -59,6 +62,9 @@
 		exit;
 	}
 
+	if ( isset( $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
+
 	$title = __('Upload New Media');
 	$parent_file = 'upload.php';
 	get_current_screen()->add_help_tab( array(
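Review bot: This guard tests `isset( $_REQUEST['post_id'] )`, while the other two checks in this commit test `! empty( ... )` together with `current_user_can()`. As a result, an empty or `0` post_id ends the request here, even for a user who may edit the post. If that is deliberate because this path renders the standalone "Upload New Media" screen, which presumably never attaches to a post, a comment would stop a later reader from "fixing" it to match the others, e.g. `// Standalone upload screen: a post_id is never valid here, so refuse it outright.` The enclosing `if ( isset($_GET['inline']) )` block starts and ends outside this hunk.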
@@ -116,6 +122,8 @@
 	include('./admin-footer.php');
 
 } else {
+	if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
 
 	// upload type: image, video, file, ..?
 	if ( isset($_GET['type']) )