[wp-trac] [WordPress Trac] #20948: Unnecessary post type check in wp_get_attachment_url

WordPress Trac noreply at wordpress.org
Sun Dec 16 05:21:02 UTC 2012 

#20948: Unnecessary post type check in wp_get_attachment_url
------------------------------------+------------------------------
 Reporter:  jfarthing84             |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Media                   |     Version:  3.4
 Severity:  normal                  |  Resolution:
 Keywords:  dev-feedback has-patch  |
------------------------------------+------------------------------

Comment (by nacin):

 Replying to [comment:2 jfarthing84]:
 > Well, I have a custom post type for user uploads. This post type should
 be treated exactly like an attachment. As far as I can tell so far,
 wp_get_attachment_url is the only "media" function that does this check,
 and it hinders other functions from working on a post type other than
 "attachment" (like image_downsize).

 Attachments are designed to be a special type in WordPress. We do
 'attachment' checks frequently (especially on endpoints — look at some
 recent functions added to ajax-actions.php) to avoid (in part) potential
 information disclosure based on someone requesting an "attachment ID" of a
 non-attachment.

 > Why don't I just use the attachment post type? Well, there's a few
 reasons for that. The main reason is because you can't assign any post
 status to an attachment. WordPress forces it to be "inherit" or "private".

 Any other reasons? That's not true, it can also be public, and it can be
 done programmatically otherwise. User uploads should probably go through
 the attachment post type, or they should be a post type that stores your
 information and then the attachment post type holds the information for
 you.

 I'm not saying this itself is a bad idea. I don't think it is. But if we
 do this, we are essentially saying we will always support attachment-
 specific functions to work on non-attachments, and that is just not
 something I think we should be guaranteeing. It requires us to support
 something we don't really care to support. We'll either find a situation
 where we can't, or we'll break the paradigm accidentally later on. So it's
 not really fair to either of us.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20948#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list