From b0b5981a771448f6a687d748db9b487b4a6900a3 Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 13 Feb 2008 23:16:11 +0000
Subject: [PATCH] Add capability check to async-upload. Props xknown. fixes #5848
git-svn-id: http://svn.automattic.com/wordpress/trunk@6830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/async-upload.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 24a68e8b1..c6350aa08 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -16,6 +16,10 @@ unset($current_user);
 require_once('admin.php');
 header('Content-Type: text/plain');
+
+if ( !current_user_can('upload_files') )
+ wp_die(__('You do not have permission to upload files.'));
+
 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 if (is_wp_error($id)) {
 echo '
'.wp_specialchars($id->get_error_message()).'
';
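Review bot: The added `current_user_can('upload_files')` check gates the endpoint as a whole, but the `media_handle_upload('async-upload', $_REQUEST['post_id'])` call right after it still takes the parent post ID straight from the request, so a user who may upload can presumably attach a file to a post they are not allowed to edit. Before that call I would normalise and authorise the ID with `$post_id = isset($_REQUEST['post_id']) ? (int) $_REQUEST['post_id'] : 0;` followed by `if ( $post_id && !current_user_can('edit_post', $post_id) ) wp_die(__('You do not have permission to attach files to this post.'));`, and pass `$post_id` on. The hunk also shows no nonce verification, so unless `admin.php` or the handler covers it outside this view, the upload is a state-changing request that a cross-site form could trigger; a `check_admin_referer()` call next to the capability check would close that. `media_handle_upload()` is defined outside the hunk, so whether it validates the ID itself cannot be confirmed from here.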