Wordpress 3.1.1

[autoinstalls/wordpress.git] / wp-admin / includes / media.php

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 5a13bcc243bee95b800833af8b7d98b890ed683c..c9d603ea8fa25eabed533584c05b76020a2b1ff3 100644 (file)
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -499,6 +499,7 @@ function media_upload_image() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -604,6 +605,7 @@ function media_upload_audio() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -662,6 +664,7 @@ function media_upload_video() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -720,6 +723,7 @@ function media_upload_file() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);