From 1efad51200d8e987b4c9c1c7fd28e63b022e17c6 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Wed, 2 Sep 2015 16:20:46 +0000 Subject: [PATCH] Provide more helful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/media-upload.php`. props ericlewis, kraftbj, lukecarbis, mrmist. fixes #33672. see #14530. git-svn-id: https://develop.svn.wordpress.org/trunk@33853 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/media-upload.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/wp-admin/media-upload.php b/src/wp-admin/media-upload.php index 2792b25f17..0c9c5e2554 100644 --- a/src/wp-admin/media-upload.php +++ b/src/wp-admin/media-upload.php @@ -15,8 +15,9 @@ if ( ! isset( $_GET['inline'] ) ) /** Load WordPress Administration Bootstrap */ require_once( dirname( __FILE__ ) . '/admin.php' ); -if (!current_user_can('upload_files')) - wp_die(__('You do not have permission to upload files.')); +if ( ! current_user_can( 'upload_files' ) ) { + wp_die( __( 'You do not have permission to upload files.' ), 403 ); +} wp_enqueue_script('plupload-handlers'); wp_enqueue_script('image-edit'); @@ -31,12 +32,20 @@ $ID = isset($ID) ? (int) $ID : 0; $post_id = isset($post_id)? (int) $post_id : 0; // Require an ID for the edit screen. -if ( isset($action) && $action == 'edit' && !$ID ) { - wp_die( __( 'Cheatin’ uh?' ), 403 ); +if ( isset( $action ) && $action == 'edit' && !$ID ) { + wp_die( + '

' . __( 'Cheatin’ uh?' ) . '

' . + '

' . __( 'Invalid item ID.' ) . '

', + 403 + ); } if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) { - wp_die( __( 'Cheatin’ uh?' ), 403 ); + wp_die( + '

' . __( 'Cheatin’ uh?' ) . '

' . + '

' . __( 'You are not allowed to edit this item.' ) . '

', + 403 + ); } // Upload type: image, video, file, ..?
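Review bot: The capability check kept as context in the second hunk passes the raw `$_REQUEST['post_id']` to `current_user_can( 'edit_post', ... )`, while the script has just normalised a separate `$post_id` with an `(int)` cast. If code after this hunk acts on `$post_id`, the ID that was authorised and the ID that is used can differ. Because the commit already rewrites this block, it could check the normalised value instead, e.g. `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) {`. That is only correct if `$post_id` is populated from the same request parameter, which is not visible here and needs confirming above the hunk. Separately, the new messages concatenate `__()` output into the `wp_die()` markup unescaped; `esc_html__( 'Invalid item ID.' )` and `esc_html__( 'You are not allowed to edit this item.' )` would keep a translation from injecting markup.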