From d84178acd77e2b6977d4839ea85b3c5741c2ed16 Mon Sep 17 00:00:00 2001
From: rob1n
Date: Fri, 8 Jun 2007 17:07:59 +0000
Subject: [PATCH] Check the user before overwriting the attachment. Props xknown and Joseph Scott. fixes #4422

git-svn-id: http://svn.automattic.com/wordpress/trunk@5671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 xmlrpc.php | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/xmlrpc.php b/xmlrpc.php
index 8a3390196..648548328 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -1429,6 +1429,21 @@ class wp_xmlrpc_server extends IXR_Server {
  $type = $data['type'];
  $bits = $data['bits'];
 
+ logIO('O', '(MW) Received '.strlen($bits).' bytes');
+
+ if ( !$this->login_pass_ok($user_login, $user_pass) )
+ return $this->error;
+
+ set_current_user(0, $user_login);
+ if ( !current_user_can('upload_files') ) {
+ logIO('O', '(MW) User does not have upload_files capability');
+ $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
+ return $this->error;
+ }
+
+ if ( $upload_err = apply_filters( "pre_upload_error", false ) )
+ return new IXR_Error(500, $upload_err);
+
  if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
  // Get postmeta info on the object.
  $old_file = $wpdb->get_row("
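Review bot: The moved checks gate the overwrite branch on authentication and the blanket `upload_files` capability only, so once the `if(!empty($data["overwrite"]) ...)` branch resolves `$old_file` (its query body runs past the end of this hunk), nothing in the hunk confirms the caller may modify that particular attachment — any user who can upload could presumably replace a file owned by someone else. A per-object check after `$old_file` is loaded, along the lines of `if ( !current_user_can('edit_post', $old_file->ID) ) return new IXR_Error(401, __('You are not allowed to overwrite this attachment.'));` (exact capability name to be confirmed against the capability map used elsewhere in the file), would close that gap; a null `$old_file` should also be handled before its `ID` is read in the second hunk. Minor style point on the same hunk: `if ( $upload_err = apply_filters( "pre_upload_error", false ) )` assigns inside the condition, which reads like a typo for `==`; splitting it into an assignment followed by `if ( $upload_err )` is clearer. The enclosing method starts before this hunk.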
@@ -1447,21 +1462,6 @@ class wp_xmlrpc_server extends IXR_Server {
  $name = "wpid{$old_file->ID}-{$filename}";
  }
 
- logIO('O', '(MW) Received '.strlen($bits).' bytes');
-
- if ( !$this->login_pass_ok($user_login, $user_pass) )
- return $this->error;
-
- set_current_user(0, $user_login);
- if ( !current_user_can('upload_files') ) {
- logIO('O', '(MW) User does not have upload_files capability');
- $this->error = new IXR_Error(401, __('You are not allowed to upload files to this site.'));
- return $this->error;
- }
-
- if ( $upload_err = apply_filters( "pre_upload_error", false ) )
- return new IXR_Error(500, $upload_err);
-
  $upload = wp_upload_bits($name, $type, $bits, $overwrite);
  if ( ! empty($upload['error']) ) {
  $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']);