[wp-trac] [WordPress Trac] #13917: wp.uploadFile cannot be attached to any post
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 1 15:22:35 UTC 2012
#13917: wp.uploadFile cannot be attached to any post
-------------------------------------+-----------------------------
Reporter: ciprian_vb | Owner: josephscott
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: Future Release
Component: XML-RPC | Version: 3.0
Severity: normal | Resolution:
Keywords: has-patch commit mobile |
-------------------------------------+-----------------------------
Comment (by ericmann):
Replying to [comment:11 markoheijnen]:
> How I see it is that wp_insert_attachment() is a low level API so there
are always checks needed. Same as for wp_insert_post.
> So checking if it is allowed to do should be in the xmlrpc method. No
clue how it got handled in the backend. I do now from the user interface
you only can attach an image when the post type is a public one.
I agree that checks need to be added ''somewhere'' but I disagree that
this is the right place for it. Take a look at other refs to
`wp_insert_attachment()` for example:
* `handle_upload()` omits a post ID
* `create_attachment()` takes a post ID of 0
* `wp_update_post()` passes whatever ID it received, most often an
unsanitized `$_REQUEST['post_id']`
* `media_handle_upload()` handles things the same way as
`wp_update_post()`
* `media_handle_sideload()` also handle things the same way as
`wp_update_post()`
So if we really need to be checking that the post exists and is public
before attaching an image, that kind of logic should exist in
`wp_insert_attachment()` itself, and should probably be a separate issue.
The front-end checks you're talking about are probably abstracted into the
UI ...
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13917#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list