Move cap check up. Props mdawaffe. fixes #6838 for trunk

git-svn-id: https://develop.svn.wordpress.org/trunk@7829 602fd350-edb4-49c9-b593-d223f7449a82
2008-04-25 15:23:11 +00:00 · 2008-04-25 15:23:11 +00:00 · d779fb182e
commit d779fb182e
parent 05a2f61a1f
1 changed files with 7 additions and 1 deletions
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@ -9,8 +9,14 @@ wp_reset_vars(array('action'));

 switch( $action ) :
 case 'editattachment' :
-	$errors = media_upload_form_handler();
 	$attachment_id = (int) $_POST['attachment_id'];
+	check_admin_referer('media-form');
+
+	if ( !current_user_can('edit_post', $attachment_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
+	$errors = media_upload_form_handler();
+

 	check_admin_referer('media-form');