Move cap check up. Props mdawaffe. fixes #6838 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@7829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-25 15:23:11 +00:00 · 2008-04-25 15:23:11 +00:00 · 2fc180fa45
parent 77087fe6fa
commit 2fc180fa45
1 changed files with 7 additions and 1 deletions
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@ -9,8 +9,14 @@ wp_reset_vars(array('action'));

 switch( $action ) :
 case 'editattachment' :
-	$errors = media_upload_form_handler();
 	$attachment_id = (int) $_POST['attachment_id'];
+	check_admin_referer('media-form');
+
+	if ( !current_user_can('edit_post', $attachment_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
+	$errors = media_upload_form_handler();
+

 	check_admin_referer('media-form');