authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2008-05-07 20:34:03 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2008-05-07 20:34:03 +0000
commit4c3d64d83369a786531107f837b2ca3451848ea5 (patch)
treee321dc2ef23f234f739324d7d8a1243b759541c7 /wp-admin
parentbe306cd5c1b5c60bbe7405e0052e8db87e702e90 (diff)
WP Merge with 2.5.1
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1275 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin')
-rw-r--r--wp-admin/edit-attachment-rows.php6
-rw-r--r--wp-admin/media.php12
2 files changed, 16 insertions, 2 deletions
diff --git a/wp-admin/edit-attachment-rows.php b/wp-admin/edit-attachment-rows.php
index 407436b..78361e3 100644
--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -26,6 +26,10 @@ while (have_posts()) : the_post();
$class = 'alternate' == $class ? '' : 'alternate';
global $current_user;
$post_owner = ( $current_user->ID == $post->post_author ? 'self' : 'other' );
+$att_title = get_the_title();
+if ( empty($att_title) )
+ $att_title = __('(no title)');
+
?>
<tr id='post-<?php echo $id; ?>' class='<?php echo trim( $class . ' author-' . $post_owner . ' status-' . $post->post_status ); ?>' valign="top">
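Review bot: The added fallback uses `empty($att_title)`, which is also true for the string "0", so an attachment whose title is literally 0 would be listed as "(no title)". Comparing against the empty string keeps the fallback for untitled attachments only: `if ( '' === (string) $att_title )`. The enclosing while loop starts before this hunk and continues after it.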
@@ -50,7 +54,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'media':
?>
- <td><strong><a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), get_the_title())); ?>"><?php the_title(); ?></a></strong><br />
+ <td><strong><a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
<?php do_action('manage_media_media_column', $post->ID); ?>
</td>
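Review bot: The link text `<?php echo $att_title; ?>` is written into the cell without output escaping, while the title attribute on the same line goes through attribute_escape(). The removed the_title() call printed the same value, so this is not new, but the variable now also holds the translated "(no title)" string and the page relies on whatever filtering happens when the title is saved, which is not visible here. If attachment titles are not meant to carry markup in this list, escape at output: `<?php echo wp_specialchars($att_title); ?>`. The switch and foreach around this case start and end outside the hunk.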
diff --git a/wp-admin/media.php b/wp-admin/media.php
index b280d3a..2508810 100644
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@@ -9,8 +9,14 @@ wp_reset_vars(array('action'));
switch( $action ) :
case 'editattachment' :
- $errors = media_upload_form_handler();
$attachment_id = (int) $_POST['attachment_id'];
+ check_admin_referer('media-form');
+
+ if ( !current_user_can('edit_post', $attachment_id) )
+ wp_die ( __('You are not allowed to edit this attachment.') );
+
+ $errors = media_upload_form_handler();
+
if ( empty($errors) ) {
$location = 'media.php';
if ( $referer = wp_get_original_referer() ) {
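Review bot: The new capability check is bound to `$_POST['attachment_id']`, but the update itself is done by media_upload_form_handler(), whose body is not in this hunk. If that handler takes the attachment IDs it writes from a different request field, this check does not cover the posts actually modified, so the handler should be confirmed to enforce `current_user_can('edit_post', $id)` for each ID it updates. A comment above the check would record that assumption: `// Authorizes $attachment_id only; media_upload_form_handler() must check every ID it writes.` Separately, `$_POST['attachment_id']` is read without an isset() guard, so a request without the field is checked against ID 0; `$attachment_id = isset($_POST['attachment_id']) ? (int) $_POST['attachment_id'] : 0;` makes that case explicit. The same unguarded read applies to `$_GET['attachment_id']` in the `edit` case of the following hunk.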
@@ -39,6 +45,10 @@ case 'edit' :
exit();
}
$att_id = (int) $_GET['attachment_id'];
+
+ if ( !current_user_can('edit_post', $att_id) )
+ wp_die ( __('You are not allowed to edit this attachment.') );
+
$att = get_post($att_id);
add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);