From 19b29d08ee99c4530564374ee0e2ff5e365c7e57 Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 18 Jan 2006 19:16:31 +0000 Subject: [PATCH] Check upload_files cap for inline uploader. Props David House and doit-cu. fixes #2302 git-svn-id: http://svn.automattic.com/wordpress/trunk@3456 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/edit-form-advanced.php | 12 +++++++----- wp-admin/edit-page-form.php | 12 +++++++----- wp-admin/inline-uploading.php | 4 ++-- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 17ac76a2c..3f9390a89 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -218,11 +218,13 @@ else ' . __('This feature requires iframe support.') . ''; +if (current_user_can('upload_files')) { + $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); + $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID"; + $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); + if ( false != $uploading_iframe_src ) + echo ''; +} ?>
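Review bot: `$uploading_iframe_src` is built by interpolating `$uploading_iframe_ID`, then handed to `apply_filters()` and echoed, and nothing in the added lines casts or escapes it. The echoed markup is not legible on this page (it shows as `echo '';`), so this is hedged: if the value is written into an attribute, cast the ID with `$uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);` and escape at output with `htmlspecialchars($uploading_iframe_src, ENT_QUOTES)`. The same block is added verbatim in wp-admin/edit-page-form.php, so the point applies to that hunk as well. A comment such as `// UI gate only; inline-uploading.php enforces the upload_files capability` above the new `if` would also help, since this check hides the iframe but is not what blocks the request.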
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index 0c9d68783..ae5948974 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php @@ -184,11 +184,13 @@ else ' . __('This feature requires iframe support.') . ''; +if (current_user_can('upload_files')) { + $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); + $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID"; + $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); + if ( false != $uploading_iframe_src ) + echo ''; +} ?>
diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php
index b12318686..eabc9dd0b 100644
--- a/wp-admin/inline-uploading.php
+++ b/wp-admin/inline-uploading.php
@@ -4,8 +4,8 @@ require_once('admin.php');
 header('Content-Type: text/html; charset=' . get_option('blog_charset'));
-if (!current_user_can('edit_posts'))
- die(__('You do not have permission to edit posts.'));
+if (!current_user_can('upload_files'))
+ die(__('You do not have permission to upload files.'));
 $wpvarstoreset = array('action', 'post', 'all', 'last', 'link', 'sort', 'start', 'imgtitle', 'descr', 'attachment');
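Review bot: The entry gate now checks only `upload_files`, because the `edit_posts` check was replaced rather than extended, so nothing visible here ties the request to a post the user may edit. The `$wpvarstoreset` list on the next line names `post`, `action` and `attachment`, which are presumably read from the request. The rest of the script is outside the hunk, so whether a per-post check happens later cannot be confirmed from this page. If it does not, add one once the post ID is known, something like `if ($post > 0 && !current_user_can('edit_post', $post)) die(__('You do not have permission to edit this post.'));`. A custom role that has `upload_files` but not `edit_posts` is the case worth testing.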