Verify attachment parent during upload.

git-svn-id: http://core.svn.wordpress.org/trunk@22915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2012-11-29 02:39:34 +00:00
parent fbf4acf638
commit 7e13a6656c
1 changed files with 8 additions and 1 deletions

View File

@ -73,7 +73,14 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id
check_admin_referer('media-form'); check_admin_referer('media-form');
$id = media_handle_upload('async-upload', $_REQUEST['post_id']); $post_id = 0;
if ( isset( $_REQUEST['post_id'] ) ) {
$post_id = absint( $_REQUEST['post_id'] );
if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
$post_id = 0;
}
$id = media_handle_upload( 'async-upload', $post_id );
if ( is_wp_error($id) ) { if ( is_wp_error($id) ) {
echo '<div class="error-div"> echo '<div class="error-div">
<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a> <a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>