From 27f47369b35841a8e019ec29067f19363c2007d6 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 13 Feb 2008 23:16:11 +0000
Subject: [PATCH] Add capability check to async-upload. Props xknown. fixes #5848

git-svn-id: https://develop.svn.wordpress.org/trunk@6830 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/async-upload.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 24a68e8b17..c6350aa085 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -16,6 +16,10 @@ unset($current_user);
 require_once('admin.php');
 header('Content-Type: text/plain');
+
+if ( !current_user_can('upload_files') )
+ wp_die(__('You do not have permission to upload files.'));
+
 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 if (is_wp_error($id)) {
 echo '
'.wp_specialchars($id->get_error_message()).'
';
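Review bot: The new guard checks only the general `upload_files` capability, while the next line passes `$_REQUEST['post_id']` to `media_handle_upload()` unvalidated, so a user allowed to upload could attach media to a post they are not allowed to edit. I would normalise the value first, `$post_id = isset($_REQUEST['post_id']) ? (int) $_REQUEST['post_id'] : 0;`, then add an object-level check, `if ( $post_id && !current_user_can('edit_post', $post_id) )` followed by a `wp_die()` like the one above, and pass `$post_id` to the upload call. The hunk also shows no nonce verification before this state-changing request; unless `admin.php` enforces one for this endpoint, a referer/nonce check belongs next to the capability check. Separately, `wp_die()` presumably emits an HTML page after `Content-Type: text/plain` has been sent, so the async client would get markup as plain text; a short plain error plus `exit` would match the response type. The `if (is_wp_error($id)) {` block continues past the end of the hunk.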