[wp-trac] [WordPress Trac] #17254: Contributors should be able to upload
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 27 14:11:55 UTC 2011
#17254: Contributors should be able to upload
-----------------------------+------------------------------
Reporter: jane | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 3.1
Severity: normal | Resolution:
Keywords: |
-----------------------------+------------------------------
Comment (by aaroncampbell):
Replying to [comment:1 scribu]:
> More importantly, uploaded files are instantly publicly available,
allowing the user to link to them from other sources, before the site
owner has the chance to review them. See #17255
This is really the issue. By default all files are uploaded to wp-
content/uploads/(YYYY/MM)? and can be directly accessed immediately just
by linking to them, even from another site. Basically a contributor (who
isn't trusted to put content on the site) could upload a bunch of porn and
link to it from all over, and you'd be burning through bandwidth (or
worse, serving illegal content to minors) until you notice and remove.
I'm thinking that any re-architecture on this would be a massive project
and backwards compat would be a BEAR. However, maybe someone else will
have a brilliant option.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17254#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list