]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-admin/includes/media.php
Wordpress 3.1.4
[autoinstalls/wordpress.git] / wp-admin / includes / media.php
index c9d603ea8fa25eabed533584c05b76020a2b1ff3..99deac5a330bb5b7cfd640d34dfe9525245f5e43 100644 (file)
@@ -228,6 +228,10 @@ function media_handle_upload($file_id, $post_id, $post_data = array(), $override
                'post_content' => $content,
        ), $post_data );
 
+       // This should never be set as it would then overwrite an existing attachment.
+       if ( isset( $attachment['ID'] ) )
+               unset( $attachment['ID'] );
+
        // Save the data
        $id = wp_insert_attachment($attachment, $file, $post_id);
        if ( !is_wp_error($id) ) {
@@ -281,6 +285,10 @@ function media_handle_sideload($file_array, $post_id, $desc = null, $post_data =
                'post_content' => $content,
        ), $post_data );
 
+       // This should never be set as it would then overwrite an existing attachment.
+       if ( isset( $attachment['ID'] ) )
+               unset( $attachment['ID'] );
+
        // Save the attachment metadata
        $id = wp_insert_attachment($attachment, $file, $post_id);
        if ( !is_wp_error($id) )
@@ -419,6 +427,11 @@ function media_upload_form_handler() {
 
        if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
                $post = $_post = get_post($attachment_id, ARRAY_A);
+               $post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+               if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+                       continue;
+
                if ( isset($attachment['post_content']) )
                        $post['post_content'] = $attachment['post_content'];
                if ( isset($attachment['post_title']) )
@@ -1192,7 +1205,7 @@ function get_media_item( $attachment_id, $args = null ) {
        $toggle_on  = __( 'Show' );
        $toggle_off = __( 'Hide' );
 
-       $filename = basename( $post->guid );
+       $filename = esc_html( basename( $post->guid ) );
        $title = esc_attr( $post->post_title );
 
        if ( $_tags = get_the_tags( $attachment_id ) ) {