X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..refs/tags/wordpress-2.6.2:/wp-admin/media.php?ds=sidebyside

diff --git a/wp-admin/media.php b/wp-admin/media.php
index 25088108..150dea75 100644
--- a/wp-admin/media.php
+++ b/wp-admin/media.php
@@ -17,6 +17,12 @@ case 'editattachment' :
 
 	$errors = media_upload_form_handler();
 
+
+	check_admin_referer('media-form');
+
+	if ( !current_user_can('edit_post', $attachment_id) )
+		wp_die ( __('You are not allowed to edit this attachment.') );
+
 	if ( empty($errors) ) {
 		$location = 'media.php';
 		if ( $referer = wp_get_original_referer() ) {
@@ -54,7 +60,8 @@ case 'edit' :
 	add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
 
 	wp_enqueue_script( 'wp-ajax-response' );
-	add_action('admin_head', 'media_admin_css');
+	wp_admin_css( 'media' );
+
 
 	require( 'admin-header.php' );
 
@@ -92,7 +99,7 @@ case 'edit' :
 <?php wp_original_referer_field(true, 'previous'); ?>
 <?php wp_nonce_field('media-form'); ?>
 </p>
-
+</form>
 
 </div>