From 2fc180fa455e56f52696a8daa60e8adb69e4ec33 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 25 Apr 2008 15:23:11 +0000
Subject: [PATCH] Move cap check up. Props mdawaffe. fixes #6838 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@7829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/media.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wp-admin/media.php b/wp-admin/media.php
index 0df44e9d69..dae8c24dd3 100644
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@@ -9,8 +9,14 @@ wp_reset_vars(array('action'));
 switch( $action ) :
 case 'editattachment' :
- $errors = media_upload_form_handler();
 $attachment_id = (int) $_POST['attachment_id'];
+ check_admin_referer('media-form');
+
+ if ( !current_user_can('edit_post', $attachment_id) )
+ wp_die ( __('You are not allowed to edit this attachment.') );
+
+ $errors = media_upload_form_handler();
+ check_admin_referer('media-form');