WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add some specific JSON responses when there are user permission errors for AJAX file uploads. Replace some usage of `wp_json_encode()` with `wp_send_json_*()`. 

See #25849
Props gcorne

Built from https://develop.svn.wordpress.org/trunk@30354


git-svn-id: http://core.svn.wordpress.org/trunk@30353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
John Blackbourn 2014-11-16 05:47:21 +00:00
parent a005e0b11b
commit fd15794b5c
2 changed files with 25 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/async-upload.php
View File

@ -32,11 +32,6 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio
require_once( ABSPATH . 'wp-admin/admin.php' );
if ( !current_user_can('upload_files') )
wp_die(__('You do not have permission to upload files.'));
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
@ -47,6 +42,12 @@ if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action']
die( '0' );
}
if ( ! current_user_can( 'upload_files' ) ) {
wp_die( __( 'You do not have permission to upload files.' ) );
}
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
// just fetch the detail form for that attachment
if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
$post = get_post( $id );

45
wp-admin/includes/ajax-actions.php
View File

@ -1833,13 +1833,21 @@ function wp_ajax_update_widget() {
function wp_ajax_upload_attachment() {
check_ajax_referer( 'media-form' );
if ( ! current_user_can( 'upload_files' ) )
wp_die();
if ( ! current_user_can( 'upload_files' ) ) {
wp_send_json_error( array(
'message' => __( "You don't have permission to upload files." ),
'filename' => $_FILES['async-upload']['name'],
) );
}
if ( isset( $_REQUEST['post_id'] ) ) {
$post_id = $_REQUEST['post_id'];
if ( ! current_user_can( 'edit_post', $post_id ) )
wp_die();
if ( ! current_user_can( 'edit_post', $post_id ) ) {
wp_send_json_error( array(
'message' => __( "You don't have permission to attach files to this post." ),
'filename' => $_FILES['async-upload']['name'],
) );
}
} else {
$post_id = null;
}
@ -1850,30 +1858,20 @@ function wp_ajax_upload_attachment() {
if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
$wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
echo wp_json_encode( array(
'success' => false,
'data' => array(
'message' => __( 'The uploaded file is not a valid image. Please try again.' ),
'filename' => $_FILES['async-upload']['name'],
)
wp_send_json_error( array(
'message' => __( 'The uploaded file is not a valid image. Please try again.' ),
'filename' => $_FILES['async-upload']['name'],
) );
wp_die();
}
}
$attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
if ( is_wp_error( $attachment_id ) ) {
echo wp_json_encode( array(
'success' => false,
'data' => array(
'message' => $attachment_id->get_error_message(),
'filename' => $_FILES['async-upload']['name'],
)
wp_send_json_error( array(
'message' => $attachment_id->get_error_message(),
'filename' => $_FILES['async-upload']['name'],
) );
wp_die();
}
if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
@ -1887,12 +1885,7 @@ function wp_ajax_upload_attachment() {
if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
wp_die();
echo wp_json_encode( array(
'success' => true,
'data' => $attachment,
) );
wp_die();
wp_send_json_success( $attachment );
}
/**