X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/wordpress.git/blobdiff_plain/80b7979fccf09a75af3f4c111fa27060ae6dbf85..48ab98cb1779cf2088c1351ac3dd3d0da6fb31d3:/wp-admin/async-upload.php?ds=sidebyside diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php index e9d59e22..add61649 100644 --- a/wp-admin/async-upload.php +++ b/wp-admin/async-upload.php @@ -6,52 +6,87 @@ * @subpackage Administration */ -define('WP_ADMIN', true); +if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { + define( 'DOING_AJAX', true ); +} + +if ( ! defined( 'WP_ADMIN' ) ) { + define( 'WP_ADMIN', true ); +} if ( defined('ABSPATH') ) require_once(ABSPATH . 'wp-load.php'); else - require_once('../wp-load.php'); - -// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead -if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) - $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; -elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) - $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; -if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) ) - $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie']; -unset($current_user); -require_once('./admin.php'); + require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); -header('Content-Type: text/html; charset=' . get_option('blog_charset')); +if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) { + // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead + if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) + $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; + elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) + $_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie']; + if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) ) + $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie']; + unset($current_user); +} + +require_once( ABSPATH . 'wp-admin/admin.php' ); if ( !current_user_can('upload_files') ) wp_die(__('You do not have permission to upload files.')); +header('Content-Type: text/html; charset=' . get_option('blog_charset')); + +if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { + include( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); + + send_nosniff_header(); + nocache_headers(); + + wp_ajax_upload_attachment(); + die( '0' ); +} + // just fetch the detail form for that attachment if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) { $post = get_post( $id ); if ( 'attachment' != $post->post_type ) wp_die( __( 'Unknown post type.' ) ); - $post_type_object = get_post_type_object( 'attachment' ); - if ( ! current_user_can( $post_type_object->cap->edit_post, $id ) ) + if ( ! current_user_can( 'edit_post', $id ) ) wp_die( __( 'You are not allowed to edit this item.' ) ); - if ( 2 == $_REQUEST['fetch'] ) { - add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2); - echo get_media_item($id, array( 'send' => false, 'delete' => true )); - } else { - add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2); - echo get_media_item($id); + switch ( $_REQUEST['fetch'] ) { + case 3 : + if ( $thumb_url = wp_get_attachment_image_src( $id, 'thumbnail', true ) ) + echo ''; + echo '' . _x( 'Edit', 'media item' ) . ''; + $title = $post->post_title ? $post->post_title : wp_basename( $post->guid ); // title shouldn't ever be empty, but use filename just in cas.e + echo '