X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/d3b1ea255664edd2deef17f900a655613d20820d..f6364df6999f38896cc58171ec4a503f4f2dedcf:/wp-admin/async-upload.php diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php index 4197c868..6fa65181 100644 --- a/wp-admin/async-upload.php +++ b/wp-admin/async-upload.php @@ -18,8 +18,10 @@ if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_c $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; +if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) ) + $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie']; unset($current_user); -require_once('admin.php'); +require_once('./admin.php'); header('Content-Type: text/plain; charset=' . get_option('blog_charset')); @@ -28,6 +30,13 @@ if ( !current_user_can('upload_files') ) // just fetch the detail form for that attachment if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) { + $post = get_post( $id ); + if ( 'attachment' != $post->post_type ) + wp_die( __( 'Unknown post type.' ) ); + $post_type_object = get_post_type_object( 'attachment' ); + if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) ) + wp_die( __( 'You are not allowed to edit this item.' ) ); + if ( 2 == $_REQUEST['fetch'] ) { add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); echo get_media_item($id, array( 'send' => false, 'delete' => true )); @@ -41,16 +50,18 @@ if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id check_admin_referer('media-form'); $id = media_handle_upload('async-upload', $_REQUEST['post_id']); -if (is_wp_error($id)) { - echo '
'.esc_html($id->get_error_message()).'
'; +if ( is_wp_error($id) ) { + echo '
+ ' . __('Dismiss') . ' + ' . sprintf(__('“%s” has failed to upload due to an error'), esc_html($_FILES['async-upload']['name']) ) . '
' . + esc_html($id->get_error_message()) . '
'; exit; } if ( $_REQUEST['short'] ) { // short form response - attachment ID only echo $id; -} -else { +} else { // long form response - big chunk o html $type = $_REQUEST['type']; echo apply_filters("async_upload_{$type}", $id);