Check upload_files cap for inline uploader. Props David House and doit-cu. fixes #2302

git-svn-id: http://svn.automattic.com/wordpress/trunk@3456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-01-18 19:16:31 +00:00
parent 395b6dbc1a
commit 19b29d08ee
3 changed files with 16 additions and 12 deletions

View File

@ -218,11 +218,13 @@ else
<?php do_action('edit_form_advanced'); ?>
<?php
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
if (current_user_can('upload_files')) {
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
}
?>
<div id="advancedstuff" class="dbx-group" >

View File

@ -184,11 +184,13 @@ else
<?php do_action('edit_page_form'); ?>
<?php
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
if (current_user_can('upload_files')) {
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
$uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
}
?>
<div id="advancedstuff" class="dbx-group">

View File

@ -4,8 +4,8 @@ require_once('admin.php');
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
if (!current_user_can('edit_posts'))
die(__('You do not have permission to edit posts.'));
if (!current_user_can('upload_files'))
die(__('You do not have permission to upload files.'));
$wpvarstoreset = array('action', 'post', 'all', 'last', 'link', 'sort', 'start', 'imgtitle', 'descr', 'attachment');