Wordpress 4.5.3

[autoinstalls/wordpress.git] / wp-admin / includes / ajax-actions.php

diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
index f3d8e839f859bdf76a8cd9e6035c04ff1b490448..0f5583682bf2a66ba6910bcd2ec1c5721cc954e5 100644 (file)
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -2602,7 +2602,7 @@ function wp_ajax_send_attachment_to_editor() {
                $rel = $rel ? ' rel="attachment wp-att-' . $id . '"' : ''; // Hard-coded string, $id is already sanitized
 
                if ( ! empty( $url ) ) {
-                       $html = '<a href="' . esc_url( $url ) . '"' . $rel . '">' . $html . '</a>';
+                       $html = '<a href="' . esc_url( $url ) . '"' . $rel . '>' . $html . '</a>';
                }
        }
 
@@ -2761,7 +2761,7 @@ function wp_ajax_get_revision_diffs() {
        if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) )
                wp_send_json_error();
 
-       if ( ! current_user_can( 'read_post', $post->ID ) )
+       if ( ! current_user_can( 'edit_post', $post->ID ) )
                wp_send_json_error();
 
        // Really just pre-loading the cache here.