To:wp-svn@lists.automattic.com From:m@wordpress.org Subject:[wp-svn] [21087] branches/3.3/wp-admin/media-upload.php: Restrict post IDs Date:Fri, 15 Jun 2012 17:52:59 +0000 (UTC)
 

Revision
21087
Author
markjaquith
Date
2012-06-15 17:52:59 +0000 (Fri, 15 Jun 2012)

Log Message

Restrict post IDs

Backports [21048] for the 3.3 branch.

Modified Paths

Diff

Modified: branches/3.3/wp-admin/media-upload.php (21086 => 21087)


--- branches/3.3/wp-admin/media-upload.php	2012-06-15 17:50:50 UTC (rev 21086)
+++ branches/3.3/wp-admin/media-upload.php	2012-06-15 17:52:59 UTC (rev 21087)
@@ -36,6 +36,9 @@
 if ( isset($_GET['inline']) ) {
 	$errors = array();
 
+	if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
+
 	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
 		check_admin_referer('media-form');
 		// Upload File button was clicked
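Review bot: The new capability check passes `$_REQUEST['post_id']` to `current_user_can()` as a raw request value, so the ID that gets authorised is whatever that call coerces it to, while code further down the file (not visible in this hunk) may read the parameter separately from `$_GET` or `$_POST`. Normalising once and checking the normalised value would remove that ambiguity, e.g. `$post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : 0;` followed by `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) )`. The same applies to the identical check added in the `else` branch in the third hunk; since both branches now open with the same statement, it could sit once above `if ( isset($_GET['inline']) )`. The enclosing `if` block continues outside the hunk.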
@@ -58,6 +61,9 @@
 		exit;
 	}
 
+	if ( isset( $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
+
 	$title = __('Upload New Media');
 	$parent_file = 'upload.php';
 	get_current_screen()->add_help_tab( array(
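Review bot: This guard uses `isset()` where the other two checks in the commit use `! empty()`, and it has no comment explaining why a request that already passed the `edit_post` check above is refused here. As written, any request that reaches this point with a `post_id` parameter dies, including an empty `post_id=`. If that is intended (presumably because the standalone "Upload New Media" screen must never be tied to a post), a comment would make it clear, e.g. `// The standalone upload screen is never attached to a post; refuse any post_id that gets this far.` The enclosing `if ( isset($_GET['inline']) )` block starts and ends outside this hunk.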
@@ -115,6 +121,8 @@
 	include('./admin-footer.php');
 
 } else {
+	if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
 
 	// upload type: image, video, file, ..?
 	if ( isset($_GET['type']) )