From 5dbc09631b7e3257ecc61db927766fc088df5020 Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Mon, 4 Dec 2006 14:05:54 +0000
Subject: [PATCH] Require an attachment ID for upload.php?action=edit. fixes #3333

git-svn-id: http://svn.automattic.com/wordpress/trunk@4600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/upload.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 53d1e56b2..b2977c746 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -8,6 +8,14 @@ if (!current_user_can('upload_files'))
 
 wp_reset_vars(array('action', 'tab', 'from_tab', 'style', 'post_id', 'ID', 'paged', 'post_title', 'post_content', 'delete'));
 
+// IDs should be integers
+$ID = (int) $ID;
+$post_id = (int) $post_id;
+
+// Require an ID for the edit screen
+if ( $action == 'edit' && !$ID )
+wp_die(__("You are not allowed to be here"));
+
 require_once('upload-functions.php');
 if ( !$tab )
 $tab = 'browse-all';
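Review bot: The new guard `if ( $action == 'edit' && !$ID )` only proves that some non-zero integer was supplied; it does not establish that `$ID` names an existing attachment or that the current user may edit that particular object, and the only capability check visible in this hunk is the script-wide `upload_files` one. Unless the edit handler in upload-functions.php (outside this hunk) already enforces this, consider tightening the condition to `if ( $action == 'edit' && ( $ID <= 0 || !current_user_can('edit_post', $ID) ) )` so that negative IDs and IDs the user has no rights over are rejected at the same point. `$post_id` is cast to an integer but gets no equivalent presence or permission check here, so later code should still treat it as unverified. A short comment such as `// Presence check only; object-level permission is enforced in <handler>` would document where the per-attachment authorization actually happens.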