Permalink
Browse files

Verify attachment parent during upload.

git-svn-id: http://core.svn.wordpress.org/trunk@22915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
1 parent fbf4acf commit 7e13a6656cc0971e76f476752bc978eb29d9a7cc @nacin nacin committed Nov 29, 2012
Showing with 8 additions and 1 deletion.
  1. +8 −1 wp-admin/async-upload.php
@@ -73,7 +73,14 @@
check_admin_referer('media-form');
-$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
+$post_id = 0;
+if ( isset( $_REQUEST['post_id'] ) ) {
+ $post_id = absint( $_REQUEST['post_id'] );
+ if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
+ $post_id = 0;
+}
+
+$id = media_handle_upload( 'async-upload', $post_id );
if ( is_wp_error($id) ) {
echo '<div class="error-div">
<a class="dismiss" href="#" onclick="jQuery(this).parents(\'div.media-item\').slideUp(200, function(){jQuery(this).remove();});">' . __('Dismiss') . '</a>

0 comments on commit 7e13a66

Please sign in to comment.