Add capability check to async-upload. Props xknown. fixes #5848

git-svn-id: http://svn.automattic.com/wordpress/trunk@6830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-02-13 23:16:11 +00:00
parent ecba594cdc
commit b0b5981a77
1 changed files with 4 additions and 0 deletions

View File

@ -16,6 +16,10 @@ unset($current_user);
require_once('admin.php'); require_once('admin.php');
header('Content-Type: text/plain'); header('Content-Type: text/plain');
if ( !current_user_can('upload_files') )
wp_die(__('You do not have permission to upload files.'));
$id = media_handle_upload('async-upload', $_REQUEST['post_id']); $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
if (is_wp_error($id)) { if (is_wp_error($id)) {
echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>'; echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';