Add capability check to async-upload. Props xknown. fixes #5848
git-svn-id: http://svn.automattic.com/wordpress/trunk@6830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ecba594cdc
commit
b0b5981a77
|
@ -16,6 +16,10 @@ unset($current_user);
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
header('Content-Type: text/plain');
|
header('Content-Type: text/plain');
|
||||||
|
|
||||||
|
if ( !current_user_can('upload_files') )
|
||||||
|
wp_die(__('You do not have permission to upload files.'));
|
||||||
|
|
||||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||||
if (is_wp_error($id)) {
|
if (is_wp_error($id)) {
|
||||||
echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
|
echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
|
||||||
|
|
Loading…
Reference in New Issue