From 28fa0ecd9eac56a85bf4dde682f98bee2e0dbb4b Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Sun, 10 Jun 2012 17:37:49 +0000
Subject: [PATCH] Restrict post IDs

git-svn-id: https://develop.svn.wordpress.org/trunk@21048 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/media-upload.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/wp-admin/media-upload.php b/wp-admin/media-upload.php
index 0a4fb8bacd..6246176b88 100644
--- a/wp-admin/media-upload.php
+++ b/wp-admin/media-upload.php
@@ -37,6 +37,9 @@ if ( isset($action) && $action == 'edit' && !$ID )
 if ( isset($_GET['inline']) ) {
 	$errors = array();
+	if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
+
 	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
 		check_admin_referer('media-form');
 		// Upload File button was clicked
@@ -59,6 +62,9 @@ if ( isset($_GET['inline']) ) {
 		exit;
 	}
+	if ( isset( $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
+
 	$title = __('Upload New Media');
 	$parent_file = 'upload.php';
 	get_current_screen()->add_help_tab( array(
@@ -116,6 +122,8 @@ if ( isset($_GET['inline']) ) {
 	include('./admin-footer.php');
 } else {
+	if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+		wp_die( __( 'Cheatin’ uh?' ) );
 	// upload type: image, video, file, ..?
 	if ( isset($_GET['type']) )
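Review bot: The new authorization check in the first hunk hands the raw `$_REQUEST['post_id']` string to `current_user_can( 'edit_post', … )`, whereas the code that later acts on the same parameter (outside this hunk) presumably normalizes it to an integer first; authorizing one representation of a value and acting on another is exactly the seam that becomes a bypass when either side changes, and passing arbitrary user strings into the capability API is needless surface. Normalize at the check itself: `if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post', (int) $_REQUEST['post_id'] ) )`, and reuse that cast value downstream so the two can never diverge. Note that `! empty()` intentionally lets `post_id=0` (an unattached upload) through, so that path still rests on whatever `upload_files` check precedes this hunk — worth confirming it is there, since the enclosing `if ( isset($_GET['inline']) )` block begins before and ends after this hunk. Whether the capability check fails closed for an ID that resolves to no post is decided in `map_meta_cap`, not here, so a quick test with a non-existent ID is cheap insurance.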
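Review bot: The guard added in the second hunk rejects a request merely for carrying `post_id`, using `isset()` where the two sibling checks use `! empty()`, and nothing in the hunk says why; a later maintainer is likely to read the unconditional `wp_die()` as a bug and relax it. A one-line comment above it would preserve the intent, along the lines of `// The non-iframe upload screen never carries a post_id; treat its presence as tampering rather than trying to honor it.` (wording to be confirmed against the actual reason, which the diff does not state). The inconsistency also means `post_id=0` or an empty `post_id=` passes the capability check in the first hunk and is then rejected here, which is harmless but worth a word in the same comment.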