Perform a cap check on attachments in media_upload_form_handler(). For trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@18365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2011-06-28 21:44:56 +00:00
parent b80ad7a9cf
commit db253a3fe7
1 changed files with 5 additions and 0 deletions

View File

@ -436,6 +436,11 @@ function media_upload_form_handler() {
if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
$post = $_post = get_post($attachment_id, ARRAY_A); $post = $_post = get_post($attachment_id, ARRAY_A);
$post_type_object = get_post_type_object( $post[ 'post_type' ] );
if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
continue;
if ( isset($attachment['post_content']) ) if ( isset($attachment['post_content']) )
$post['post_content'] = $attachment['post_content']; $post['post_content'] = $attachment['post_content'];
if ( isset($attachment['post_title']) ) if ( isset($attachment['post_title']) )