[wp-trac] [WordPress Trac] #53084: wp_delete_attachment deletes file even if $force_delete is false
WordPress Trac
noreply at wordpress.org
Sun Apr 25 09:59:46 UTC 2021
#53084: wp_delete_attachment deletes file even if $force_delete is false
--------------------------+-----------------------------
Reporter: pubalacon | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.7.1
Severity: major | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
Around line 6085 in wp-includes/post.php
line 6085: wp_delete_attachment_files( $post_id, $meta, $backup_sizes,
$file );
There is no test of $force_delete, so attachment file is physically
removed from system file even if not wanted (or definitely not allowed)
Suggested patch:
if (!$force_delete) {
wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53084>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list