/** * WP 3.5 This is fix for inserting to editor. * * New GUI checks if current use can 'edit_post' with certain ID * even if attachment is in question. * * Access logic requires that attachment in this case can be inserted * in parent post if user can edit parent post_type. * * @param type $null * @param type $parse_args * @return type */ public static function wpcf_access_files_override($null, $parse_args) { // To check if on media upload screen use // either basename($_SERVER['SCRIPT_NAME']) == 'async-upload.php' // or strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false // Fix types upload if ($parse_args['cap'] == 'upload_files' && !isset($_REQUEST['action']) && isset($_POST['post_id']) && isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false) { // This should be the end of a types image upload // temporarily set the $_REQUEST['action'] and process the same as send-attachment-to-editor $_REQUEST['action'] = 'types-end-image-upload'; } if ($parse_args['cap'] == 'upload_files' && isset($_REQUEST['fetch']) && isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/async-upload.php') !== false) { // This should be the crunching part types image upload // We assume that if we got here then this request is ok. return Access_Helper::wpcf_access_parse_caps(true, $parse_args); } // Fix ending to editor if (isset($_REQUEST['action'])) { $action = strval($_REQUEST['action']); switch ($action) { case 'send-attachment-to-editor': case 'types-end-image-upload': if ($_REQUEST['action'] == 'types-end-image-upload') { // remove the temporary action. unset($_REQUEST['action']); } $parent_id = intval($_POST['post_id']); // If user can edit parent post // than he can edit attachment too (at least in this case) $map = map_meta_cap($parse_args['cap'], get_current_user_id(), $parent_id); $result = Access_Helper::wpcf_access_check($parse_args['allcaps'], $map, $parse_args['args'], false); if (!$result) { return Access_Helper::wpcf_access_parse_caps(false, $parse_args); } else { return Access_Helper::wpcf_access_parse_caps(true, $parse_args); } break; default: break; } } return $null; }