Carview!

-                      r17347
+                      r17569
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 …
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 …
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 …
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);

r16847	r17569
39	39
40	40	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
	41	check_admin_referer('media-form');
41	42	// Upload File button was clicked
42	43	$id = media_handle_upload('async-upload', $_REQUEST['post_id']);

Make WordPress Core