
Perform a cap check on attachments in media_upload_form_handler(). For trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@18365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent b80ad7a commit db253a3fe7711f1a81783b3a1d81147bb93f1eb5 ryan committed Jun 28, 2011
Showing with 5 additions and 0 deletions.
  1. +5 −0 wp-admin/includes/media.php
@@ -436,6 +436,11 @@ function media_upload_form_handler() {
if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
$post = $_post = get_post($attachment_id, ARRAY_A);
+ $post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+ if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+ continue;
+
if ( isset($attachment['post_content']) )
$post['post_content'] = $attachment['post_content'];
if ( isset($attachment['post_title']) )
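Review bot: The added check dereferences `$post_type_object->cap->edit_post` without first confirming that `get_post()` found a post or that `get_post_type_object()` returned an object. `$attachment_id` is a key of `$_POST['attachments']`, so a request can name a nonexistent ID or a post whose type is not registered, and the capability passed to `current_user_can()` is then null. The result would depend on how a null capability is evaluated rather than on an explicit decision. Failing closed would make the intent unambiguous: `if ( empty( $post ) || ! $post_type_object || ! current_user_can( $post_type_object->cap->edit_post, $attachment_id ) ) continue;`. The loop body and the rest of media_upload_form_handler() lie outside the hunk, so any earlier validation of the request is not visible here.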
