X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9c40b4d36daed9e28e48a5fe9205c32557195a4b..refs/tags/wordpress-3.3.1-scripts:/wp-admin/async-upload.php diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php index 4197c868..1bd267fa 100644 --- a/wp-admin/async-upload.php +++ b/wp-admin/async-upload.php @@ -18,16 +18,25 @@ if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_c $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; +if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) ) + $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie']; unset($current_user); -require_once('admin.php'); +require_once('./admin.php'); -header('Content-Type: text/plain; charset=' . get_option('blog_charset')); +header('Content-Type: text/html; charset=' . get_option('blog_charset')); if ( !current_user_can('upload_files') ) wp_die(__('You do not have permission to upload files.')); // just fetch the detail form for that attachment if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) { + $post = get_post( $id ); + if ( 'attachment' != $post->post_type ) + wp_die( __( 'Unknown post type.' ) ); + $post_type_object = get_post_type_object( 'attachment' ); + if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) ) + wp_die( __( 'You are not allowed to edit this item.' ) ); + if ( 2 == $_REQUEST['fetch'] ) { add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); echo get_media_item($id, array( 'send' => false, 'delete' => true )); @@ -41,16 +50,18 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id check_admin_referer('media-form'); $id = media_handle_upload('async-upload', $_REQUEST['post_id']); -if (is_wp_error($id)) { - echo '
'.esc_html($id->get_error_message()).'
'; +if ( is_wp_error($id) ) { + echo '
+ ' . __('Dismiss') . ' + ' . sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name']) ) . '
' . + esc_html($id->get_error_message()) . '
'; exit; } if ( $_REQUEST['short'] ) { // short form response - attachment ID only echo $id; -} -else { +} else { // long form response - big chunk o html $type = $_REQUEST['type']; echo apply_filters("async_upload_{$type}", $id);