From db253a3fe7711f1a81783b3a1d81147bb93f1eb5 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 28 Jun 2011 21:44:56 +0000
Subject: [PATCH] Perform a cap check on attachments in media_upload_form_handler(). For trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@18365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/media.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 1a00126133..def2343300 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -436,6 +436,11 @@ function media_upload_form_handler() {
 if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 $post = $_post = get_post($attachment_id, ARRAY_A);
+ $post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+ if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+ continue;
+
 if ( isset($attachment['post_content']) )
 $post['post_content'] = $attachment['post_content'];
 if ( isset($attachment['post_title']) )
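Review bot: The new capability check dereferences `$post_type_object->cap` without confirming that `get_post()` found a post or that `get_post_type_object()` returned an object, and `$attachment_id` is a request-supplied key of `$_POST['attachments']`. For an id that does not exist, or a post whose type is not registered, the check is reached with a null capability name and emits notices; it appears to deny access in that case, but only incidentally. I would make the failure explicit: `if ( empty( $post ) ) continue;` right after the `get_post()` call, and `if ( ! $post_type_object || ! current_user_can( $post_type_object->cap->edit_post, $attachment_id ) ) continue;`. Casting the key with `$attachment_id = (int) $attachment_id;` at the top of the loop would also keep the id passed to `current_user_can()` and to later code identical to the one that was looked up. The loop body and the rest of `media_upload_form_handler()` continue outside the hunk.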