WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Perform a cap check on attachments in media_upload_form_handler(). For trunk 

git-svn-id: http://svn.automattic.com/wordpress/trunk@18365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2011-06-28 21:44:56 +00:00
parent b80ad7a9cf
commit db253a3fe7
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
wp-admin/includes/media.php
View File

@ -436,6 +436,11 @@ function media_upload_form_handler() {
if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
$post = $_post = get_post($attachment_id, ARRAY_A);
$post_type_object = get_post_type_object( $post[ 'post_type' ] );
if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
continue;
if ( isset($attachment['post_content']) )
$post['post_content'] = $attachment['post_content'];
if ( isset($attachment['post_title']) )