'post_content' => $content,
), $post_data );
+ // This should never be set as it would then overwrite an existing attachment.
+ if ( isset( $attachment['ID'] ) )
+ unset( $attachment['ID'] );
+
// Save the data
$id = wp_insert_attachment($attachment, $file, $post_id);
if ( !is_wp_error($id) ) {
'post_content' => $content,
), $post_data );
+ // This should never be set as it would then overwrite an existing attachment.
+ if ( isset( $attachment['ID'] ) )
+ unset( $attachment['ID'] );
+
// Save the attachment metadata
$id = wp_insert_attachment($attachment, $file, $post_id);
if ( !is_wp_error($id) )
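Review bot: The `isset()` guard around `unset( $attachment['ID'] )` is redundant, because `unset()` on a missing array key is a no-op and raises no notice; a bare `unset( $attachment['ID'] );` says the same thing. The comment would help more if it named the source of the key, which from the merge on the line above appears to be `$post_data`, e.g. `// Drop any ID merged in from $post_data so wp_insert_attachment() always creates a new attachment.` The same applies to the identical hunk just above this one.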
do_action( "admin_head_{$content_func}" );
?>
</head>
-<body<?php if ( isset($GLOBALS['body_id']) ) echo ' id="' . $GLOBALS['body_id'] . '"'; ?>>
+<body<?php if ( isset($GLOBALS['body_id']) ) echo ' id="' . $GLOBALS['body_id'] . '"'; ?> class="no-js">
+<script type="text/javascript">
+//<![CDATA[
+(function(){
+var c = document.body.className;
+c = c.replace(/no-js/, 'js');
+document.body.className = c;
+})();
+//]]>
+</script>
<?php
$args = func_get_args();
$args = array_slice($args, 1);
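Review bot: `$GLOBALS['body_id']` is still echoed into the `id` attribute unescaped on the rewritten `<body>` line, so a value containing a double quote would close the attribute early. Since the line is being changed anyway, escape at output: `echo ' id="' . esc_attr( $GLOBALS['body_id'] ) . '"';`. Where `body_id` is assigned is not visible in this hunk, so this may be hardening rather than a reachable bug. The inline script also replaces the first `no-js` substring wherever it occurs in the class string, which is correct only while the class is the literal `no-js`.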
if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
$post = $_post = get_post($attachment_id, ARRAY_A);
+ $post_type_object = get_post_type_object( $post[ 'post_type' ] );
+
+ if ( !current_user_can( $post_type_object->cap->edit_post, $attachment_id ) )
+ continue;
+
if ( isset($attachment['post_content']) )
$post['post_content'] = $attachment['post_content'];
if ( isset($attachment['post_title']) )
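Review bot: The new capability check reads `$post_type_object->cap` without confirming that `get_post()` returned a post or that its post type is registered. `$attachment_id` is a key of `$_POST['attachments']`, so a request can name an ID that does not exist, and the check then runs on a non-object. Skip such entries explicitly: `if ( empty( $post ) ) continue;` before the `get_post_type_object()` call and `if ( ! $post_type_object ) continue;` after it. The loop body continues past the end of this hunk.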
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
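Review bot: `$_REQUEST['post_id']` is passed to `media_handle_upload()` exactly as received, directly after the new `check_admin_referer('media-form')` call. The nonce shows the request came from the form, not that the current user may attach files to that particular post. Unless a check exists outside the hunk, normalise and authorise the ID first: `$post_id = absint( $_REQUEST['post_id'] );` followed by `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) wp_die( -1 );`. The same applies to the three identical hunks that follow.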
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$toggle_on = __( 'Show' );
$toggle_off = __( 'Hide' );
- $filename = basename( $post->guid );
+ $filename = esc_html( basename( $post->guid ) );
$title = esc_attr( $post->post_title );
if ( $_tags = get_the_tags( $attachment_id ) ) {
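Review bot: `$filename` now holds HTML-escaped text from the point of assignment, which invites later misuse: escaping it a second time, or using it in a non-HTML context such as a URL or a file path. The lines that output it are outside this hunk, so I cannot confirm that every use is HTML text. Either escape where the value is printed, or mark the assignment with a comment such as `// HTML-escaped here; output as-is and do not reuse as a path or URL.`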
if ( user_can_richedit() ) { // textarea_escaped when user_can_richedit() = false
$field['value'] = esc_textarea( $field['value'] );
}
- $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . $field['value'] . '</textarea>';
+ $item .= "<textarea id='$name' name='$name' $aria_required>" . $field['value'] . '</textarea>';
} else {
$item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";
}
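Review bot: On the changed line `$field['value']` is concatenated into the `<textarea>` with no escaping of its own. It is escaped only inside the `user_can_richedit()` branch just above, and the other path relies on an earlier escape (the `textarea_escaped` case named in the existing comment) that this hunk does not show. A comment on the output line would make that dependency explicit, e.g. `// $field['value'] is escaped on both paths before this point; do not output it from anywhere else.` `$name` is also interpolated raw into `id` and `name`, so `esc_attr( $name )` is worth adding if it is not escaped where it is built.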
</div>
<?php endif; // $flash ?>
-<div id="html-upload-ui">
+<div id="html-upload-ui" <?php if ( $flash ) echo 'class="hide-if-js"'; ?>>
<?php do_action('pre-html-upload-ui'); ?>
<p id="async-upload-wrap">
<label class="screen-reader-text" for="async-upload"><?php _e('Upload'); ?></label>