sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Provide more helful feedback than just "Cheatin' uh?" for permission errors in wp-admin/media-upload.php.

Browse Source 
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33672. see #14530.

git-svn-id: https://develop.svn.wordpress.org/trunk@33853 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2015-09-02 16:20:46 +00:00
parent 029964a5ed
commit 1efad51200
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/wp-admin/media-upload.php
View File

@ -15,8 +15,9 @@ if ( ! isset( $_GET['inline'] ) )
/** Load WordPress Administration Bootstrap */
require_once( dirname( __FILE__ ) . '/admin.php' );
if (!current_user_can('upload_files'))
wp_die(__('You do not have permission to upload files.'));
if ( ! current_user_can( 'upload_files' ) ) {
wp_die( __( 'You do not have permission to upload files.' ), 403 );
}
wp_enqueue_script('plupload-handlers');
wp_enqueue_script('image-edit');
@ -32,11 +33,19 @@ $post_id = isset($post_id)? (int) $post_id : 0;
// Require an ID for the edit screen.
if ( isset( $action ) && $action == 'edit' && !$ID ) {
wp_die( __( 'Cheatin’ uh?' ), 403 );
wp_die(
'<h1>' . __( 'Cheatin&#8217; uh?' ) . '</h1>' .
'<p>' . __( 'Invalid item ID.' ) . '</p>',
403
);
}
if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) {
wp_die( __( 'Cheatin&#8217; uh?' ), 403 );
wp_die(
'<h1>' . __( 'Cheatin&#8217; uh?' ) . '</h1>' .
'<p>' . __( 'You are not allowed to edit this item.' ) . '</p>',
403
);
}
// Upload type: image, video, file, ..?