author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-05-07 20:34:03 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-05-07 20:34:03 +0000 |
commit | 4c3d64d83369a786531107f837b2ca3451848ea5 (patch) | |
tree | e321dc2ef23f234f739324d7d8a1243b759541c7 /wp-admin/media.php | |
parent | be306cd5c1b5c60bbe7405e0052e8db87e702e90 (diff) | |
WP Merge with 2.5.1
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1275 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/media.php')
-rw-r--r-- | wp-admin/media.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/wp-admin/media.php b/wp-admin/media.php index b280d3a..2508810 100644 --- a/wp-admin/media.php +++ b/wp-admin/media.php @@ -9,8 +9,14 @@ wp_reset_vars(array('action')); switch( $action ) : case 'editattachment' : - $errors = media_upload_form_handler(); $attachment_id = (int) $_POST['attachment_id']; + check_admin_referer('media-form'); + + if ( !current_user_can('edit_post', $attachment_id) ) + wp_die ( __('You are not allowed to edit this attachment.') ); + + $errors = media_upload_form_handler(); + if ( empty($errors) ) { $location = 'media.php'; if ( $referer = wp_get_original_referer() ) { @@ -39,6 +45,10 @@ case 'edit' : exit(); } $att_id = (int) $_GET['attachment_id']; + + if ( !current_user_can('edit_post', $att_id) ) + wp_die ( __('You are not allowed to edit this attachment.') ); + $att = get_post($att_id); add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); |
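Review bot: In the `editattachment` case the new `current_user_can('edit_post', $attachment_id)` check authorises only the id in `$_POST['attachment_id']`, while `media_upload_form_handler()` is called with no arguments and so must take the ids it saves from the request itself. Unless the handler authorises each id it processes (its body is not part of this diff), the permission decision is not bound to the objects that actually get modified. I would move the capability check into the handler next to where each attachment is saved, or at least add a comment here such as `// covers $_POST['attachment_id'] only; media_upload_form_handler() must check edit_post for every id it saves`. Separately, `$_POST['attachment_id']` is read without an `isset()` guard and before `check_admin_referer('media-form')`; putting the nonce check on the first line of the case keeps all request parsing behind it. The `switch` body continues outside the hunk.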
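Review bot: In the `edit` case the capability check runs on the raw `$_GET['attachment_id']` before `get_post($att_id)`, and nothing in the hunk confirms that the id refers to an existing post of type attachment. As written, `edit_post` passes for any post the user may edit, so the attachment form could be rendered for a non-attachment id, and a missing post is reported as a permission failure. Whether later code validates `$att` is outside the hunk; if it does not, a guard right after the lookup such as `if ( !$att || 'attachment' != $att->post_type ) wp_die( __('Invalid attachment.') );` would make the check match its error message.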