From 69f1ab8b9c14cba7b74087263f2f5b051657da53 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Thu, 29 Nov 2012 02:39:34 +0000
Subject: [PATCH] Verify attachment parent during upload.
git-svn-id: https://develop.svn.wordpress.org/trunk@22915 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/async-upload.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 51143909fd..5f2938e84f 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -73,7 +73,14 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id
 check_admin_referer('media-form');
-$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
+$post_id = 0;
+if ( isset( $_REQUEST['post_id'] ) ) {
+ $post_id = absint( $_REQUEST['post_id'] );
+ if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
+ $post_id = 0;
+}
+
+$id = media_handle_upload( 'async-upload', $post_id );
 if ( is_wp_error($id) ) {
 echo '
' . __('Dismiss') . '
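Review bot: The failed `current_user_can( 'edit_post', $post_id )` check in the added block is silent: a request naming a parent that does not exist or that the user cannot edit becomes an unattached upload via `$post_id = 0`, indistinguishable from a request that sent no `post_id`. If that fallback is intended, state it above the block, e.g. `// Attach only to an existing parent the current user can edit; otherwise upload unattached.`, and brace the nested `if` so a later edit cannot separate the reset from its condition. The guard also sits only at this call site, so any other entry point that hands a request-supplied parent to `media_handle_upload()` presumably needs the same check; none is visible in this patch. The `is_wp_error($id)` block that follows continues past the end of the hunk.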