[wp-trac] [WordPress Trac] #13917: wp.uploadFile cannot be attached to any post

WordPress Trac wp-trac at lists.automattic.com
Thu Mar 1 15:22:35 UTC 2012


#13917: wp.uploadFile cannot be attached to any post
-------------------------------------+-----------------------------
 Reporter:  ciprian_vb               |       Owner:  josephscott
     Type:  task (blessed)           |      Status:  assigned
 Priority:  normal                   |   Milestone:  Future Release
Component:  XML-RPC                  |     Version:  3.0
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch commit mobile  |
-------------------------------------+-----------------------------

Comment (by ericmann):

 Replying to [comment:11 markoheijnen]:
 > How I see it is that wp_insert_attachment() is a low level API so there
 are always checks needed. Same as for wp_insert_post.
 > So checking if it is allowed to do should be in the xmlrpc method. No
 clue how it got handled in the backend. I do now from the user interface
 you only can attach an image when the post type is a public one.

 I agree that checks need to be added ''somewhere'' but I disagree that
 this is the right place for it.  Take a look at other refs to
 `wp_insert_attachment()` for example:

 * `handle_upload()` omits a post ID
 * `create_attachment()` takes a post ID of 0
 * `wp_update_post()` passes whatever ID it received, most often an
 unsanitized `$_REQUEST['post_id']`
 * `media_handle_upload()` handles things the same way as
 `wp_update_post()`
 * `media_handle_sideload()` also handle things the same way as
 `wp_update_post()`

 So if we really need to be checking that the post exists and is public
 before attaching an image, that kind of logic should exist in
 `wp_insert_attachment()` itself, and should probably be a separate issue.

 The front-end checks you're talking about are probably abstracted into the
 UI ...

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13917#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list