[wp-trac] [WordPress Trac] #16849: Add a filter for $overrides in wp_handle_upload()

WordPress Trac noreply at wordpress.org
Thu Sep 5 02:23:42 UTC 2013

#16849: Add a filter for $overrides in wp_handle_upload()
 Reporter:  iandunn                     |       Owner:
     Type:  enhancement                 |      Status:  new
 Priority:  normal                      |   Milestone:  3.7
Component:  Plugins                     |     Version:  3.1
 Severity:  minor                       |  Resolution:
 Keywords:  has-patch commit 3.6-early  |

Comment (by nacin):

 We really, really need to change how this works. Deliberately allowing
 people to specify variables so we can EXTR_OVERWRITE them is a recipe for
 disaster — or at least, in this case, inflexibility. This function really
 scares me because it can encourage bad or insecure code. That, and it
 doesn't follow a design pattern we use almost everywhere else.

 Is this something we can convert to a more standard $defaults and
 wp_parse_args() situation? Then we can do an apply_filters() on that,
 followed by extract() with EXTR_SKIP.

Ticket URL: <http://core.trac.wordpress.org/ticket/16849#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list