X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..2329f698283944696a7076258cf816545970bb47:/wp-admin/async-upload.php diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php index 5f2938e8..add61649 100644 --- a/wp-admin/async-upload.php +++ b/wp-admin/async-upload.php @@ -6,12 +6,18 @@ * @subpackage Administration */ -define('WP_ADMIN', true); +if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { + define( 'DOING_AJAX', true ); +} + +if ( ! defined( 'WP_ADMIN' ) ) { + define( 'WP_ADMIN', true ); +} if ( defined('ABSPATH') ) require_once(ABSPATH . 'wp-load.php'); else - require_once('../wp-load.php'); + require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) { // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead @@ -24,7 +30,7 @@ if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['actio unset($current_user); } -require_once('./admin.php'); +require_once( ABSPATH . 'wp-admin/admin.php' ); if ( !current_user_can('upload_files') ) wp_die(__('You do not have permission to upload files.')); @@ -32,8 +38,7 @@ if ( !current_user_can('upload_files') ) header('Content-Type: text/html; charset=' . get_option('blog_charset')); if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { - define( 'DOING_AJAX', true ); - include ABSPATH . 'wp-admin/includes/ajax-actions.php'; + include( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); send_nosniff_header(); nocache_headers(); @@ -47,8 +52,7 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id $post = get_post( $id ); if ( 'attachment' != $post->post_type ) wp_die( __( 'Unknown post type.' ) ); - $post_type_object = get_post_type_object( 'attachment' ); - if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) ) + if ( ! current_user_can( 'edit_post', $id ) ) wp_die( __( 'You are not allowed to edit this item.' ) ); switch ( $_REQUEST['fetch'] ) { @@ -57,7 +61,7 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id echo ''; echo '' . _x( 'Edit', 'media item' ) . ''; $title = $post->post_title ? $post->post_title : wp_basename( $post->guid ); // title shouldn't ever be empty, but use filename just in cas.e - echo '