[wp-trac] [WordPress Trac] #22408: wp_insert_attachment and _real_escape input validation and better error handling
WordPress Trac
noreply at wordpress.org
Sat Nov 10 21:47:04 UTC 2012
#22408: wp_insert_attachment and _real_escape input validation and better error
handling
------------------------------+--------------------------
Reporter: magadanski_uchen | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Database
Version: 3.4.2 | Severity: trivial
Keywords: |
------------------------------+--------------------------
Recently when using the `wp_insert_attachment()` function I passed the
whole result of the `wp_check_filetype()` function for the
`"post_mime_type"` attribute, instead of the `"type"` property from the
filetype check result. What I got was an error in the `_real_escape()`
function which expected a string, but received an array, which didn't
quite help me find my error.
I believe some kind of type checking would be nice for both the
`_real_escape()` function as well as the `wp_insert_attachment()`.
It seems suitable if the `wp_insert_attachment()` function returned a
`WP_Error` object in case there are issues with the passed arguments.
I'm not sure, however, what the best solution would be for the
`_real_escape()` function -- return false, fail quietly, raise an
exception or also return a `WP_Error`.
I would have proposed a patch, but I'm not sure what solution to
implement. Let me know if I should do it in a certain way and I'll submit
a patch for review, saving you a little time for other ticket review.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22408>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list