diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-12-07 10:17:25 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-12-07 10:17:25 +0000 |
commit | e7b243973132b555e66a0517e25232ba213bc35e (patch) | |
tree | ff9d04034493cc544d1064e56a1c8b8265d63b3f /wp-admin/upload.php | |
parent | f57c5009b529dcc2494fc719f605ef64b7f9b4c7 (diff) | |
download | wordpress-mu-e7b243973132b555e66a0517e25232ba213bc35e.tar.gz wordpress-mu-e7b243973132b555e66a0517e25232ba213bc35e.tar.xz wordpress-mu-e7b243973132b555e66a0517e25232ba213bc35e.zip |
WP Merge
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@819 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/upload.php')
-rw-r--r-- | wp-admin/upload.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/wp-admin/upload.php b/wp-admin/upload.php index 53d1e56..b2977c7 100644 --- a/wp-admin/upload.php +++ b/wp-admin/upload.php @@ -8,6 +8,14 @@ if (!current_user_can('upload_files')) wp_reset_vars(array('action', 'tab', 'from_tab', 'style', 'post_id', 'ID', 'paged', 'post_title', 'post_content', 'delete')); +// IDs should be integers +$ID = (int) $ID; +$post_id = (int) $post_id; + +// Require an ID for the edit screen +if ( $action == 'edit' && !$ID ) + wp_die(__("You are not allowed to be here")); + require_once('upload-functions.php'); if ( !$tab ) $tab = 'browse-all'; |