[wp-trac] [WordPress Trac] #45020: Can theme and plugin file uploading utilize the same form that media uploads use?
WordPress Trac
noreply at wordpress.org
Wed Oct 10 14:20:32 UTC 2018
#45020: Can theme and plugin file uploading utilize the same form that media
uploads use?
-------------------------+------------------------------
Reporter: shaneeckert | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version: trunk
Severity: minor | Resolution:
Keywords: | Focuses: ui
-------------------------+------------------------------
Description changed by SergeyBiryukov:
Old description:
> The media uploader in **wp-admin/upload.php** has an '''Add New'''
> button that loads `media-new.php` (Line 77) which calls the
> `media_upload_form` function in `media.php` (Line 1938). This form runs
> quite a few checks on the file. For example a file with an `.exe`
> extension cannot be uploaded.
>
> This is not the same for uploading Plugins and Themes. Right now you can
> upload any file through these two sections.
>
> For example In `plugin-install.php` on line 334 we create a form to
> upload instead of using the one in media.php line 1938..
>
> There is no check, it just fails when the installer cannot work with the
> file. As well the file is not cleaned up upon failure. This leaves files
> in the directory.
>
> For consistency can we please use the same form for uploading a plugin
> and a theme as we do for media, with adjustments that limit to just ZIP
> files?
>
> upload.php:90
> https://github.com/WordPress/WordPress/blob/56c162fbc9867f923862f64f1b4570d885f1ff03
> /wp-admin/upload.php#L90
>
> media.php:1938
> https://github.com/WordPress/WordPress/blob/8992656b133a672f90ab5da0adfa8f27ac8d6a0a
> /wp-admin/includes/media.php#L1938
>
> plugin-install.php:344
> https://github.com/WordPress/WordPress/blob/56c162fbc9867f923862f64f1b4570d885f1ff03
> /wp-admin/includes/plugin-install.php#L334
>
> **Similar tickets**
>
> https://core.trac.wordpress.org/ticket/44868
>
> https://core.trac.wordpress.org/ticket/44710
New description:
The media uploader in **wp-admin/upload.php** has an '''Add New''' button
that loads `media-new.php` (Line 77) which calls the `media_upload_form`
function in `media.php` (Line 1938). This form runs quite a few checks on
the file. For example a file with an `.exe` extension cannot be uploaded.
This is not the same for uploading Plugins and Themes. Right now you can
upload any file through these two sections.
For example In `plugin-install.php` on line 334 we create a form to upload
instead of using the one in media.php line 1938..
There is no check, it just fails when the installer cannot work with the
file. As well the file is not cleaned up upon failure. This leaves files
in the directory.
For consistency can we please use the same form for uploading a plugin and
a theme as we do for media, with adjustments that limit to just ZIP files?
upload.php:90
https://github.com/WordPress/WordPress/blob/56c162fbc9867f923862f64f1b4570d885f1ff03
/wp-admin/upload.php#L90
media.php:1938
https://github.com/WordPress/WordPress/blob/8992656b133a672f90ab5da0adfa8f27ac8d6a0a
/wp-admin/includes/media.php#L1938
plugin-install.php:344
https://github.com/WordPress/WordPress/blob/56c162fbc9867f923862f64f1b4570d885f1ff03
/wp-admin/includes/plugin-install.php#L334
**Similar tickets**
#44868 #44710
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45020#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list