X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8a06f4f9392d1ac373442f82ee40428a3cb81395..refs/tags/wordpress-4.6-scripts:/wp-admin/async-upload.php?ds=inline
diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 18b81041..4022b523 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -1,49 +1,118 @@
post_type )
+ wp_die( __( 'Unknown post type.' ) );
+ if ( ! current_user_can( 'edit_post', $id ) )
+ wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
-if ( !current_user_can('upload_files') )
- wp_die(__('You do not have permission to upload files.'));
+ switch ( $_REQUEST['fetch'] ) {
+ case 3 :
+ if ( $thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true ) )
+ echo '';
+ echo '' . _x( 'Edit', 'media item' ) . '';
-// just fetch the detail form for that attachment
-if ( ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
- echo get_media_item($id);
+ // Title shouldn't ever be empty, but use filename just in case.
+ $file = get_attached_file( $post->ID );
+ $title = $post->post_title ? $post->post_title : wp_basename( $file );
+ echo '
' . esc_html( wp_html_excerpt( $title, 60, '…' ) ) . '
';
+ break;
+ case 2 :
+ add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
+ echo get_media_item($id, array( 'send' => false, 'delete' => true ));
+ break;
+ default:
+ add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
+ echo get_media_item($id);
+ break;
+ }
exit;
}
check_admin_referer('media-form');
-$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
-if (is_wp_error($id)) {
- echo ''.wp_specialchars($id->get_error_message()).'
';
+$post_id = 0;
+if ( isset( $_REQUEST['post_id'] ) ) {
+ $post_id = absint( $_REQUEST['post_id'] );
+ if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) )
+ $post_id = 0;
+}
+
+$id = media_handle_upload( 'async-upload', $post_id );
+if ( is_wp_error($id) ) {
+ echo '
+
' . __('Dismiss') . '
+
' . sprintf(__('“%s” has failed to upload.'), esc_html($_FILES['async-upload']['name']) ) . '' .
+ esc_html($id->get_error_message()) . '
';
exit;
}
if ( $_REQUEST['short'] ) {
- // short form response - attachment ID only
+ // Short form response - attachment ID only.
echo $id;
-}
-else {
- // long form response - big chunk o html
+} else {
+ // Long form response - big chunk o html.
$type = $_REQUEST['type'];
- echo apply_filters("async_upload_{$type}", $id);
-}
-?>
+ /**
+ * Filters the returned ID of an uploaded attachment.
+ *
+ * The dynamic portion of the hook name, `$type`, refers to the attachment type,
+ * such as 'image', 'audio', 'video', 'file', etc.
+ *
+ * @since 2.5.0
+ *
+ * @param int $id Uploaded attachment ID.
+ */
+ echo apply_filters( "async_upload_{$type}", $id );
+}