[wp-trac] [WordPress Trac] #25395: Potential bug of uploading images using media-upload
WordPress Trac
noreply at wordpress.org
Mon Sep 23 12:22:59 UTC 2013
#25395: Potential bug of uploading images using media-upload
--------------------------+----------------------
Reporter: alucard001 | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Upload | Version: 3.6.1
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+----------------------
Old description:
> File: wp-admin/media-upload.php
> Version: 3.6.1
>
> Line: 37:
> if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' ,
> $_REQUEST['post_id'] ) )
>
> In WordPress
> documentation: http://codex.wordpress.org/Roles_and_Capabilities#edit_posts
>
> The name of this capability should be called "edit_posts", but in this
> file the name of the right is called "edit_post" (without 's').
>
> The result is that when a non-admin user wants to upload an image in a
> theme that is using "option-tree", it will result in a "Cheating, ugh?"
> message.
>
> I am not sure if there are other places where the same thing happened,
> therefore I suggest doing a simple full-code scan to verify that.
>
> Thank you.
New description:
File: wp-admin/media-upload.php
Version: 3.6.1
Line: 37:
{{{
if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' ,
$_REQUEST['post_id'] ) )
}}}
In WordPress
documentation: http://codex.wordpress.org/Roles_and_Capabilities#edit_posts
The name of this capability should be called "edit_posts", but in this
file the name of the right is called "edit_post" (without 's').
The result is that when a non-admin user wants to upload an image in a
theme that is using "option-tree", it will result in a "Cheating, ugh?"
message.
I am not sure if there are other places where the same thing happened,
therefore I suggest doing a simple full-code scan to verify that.
Thank you.
--
Comment (by SergeyBiryukov):
Related: #19834, #22415
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25395#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software