[wp-trac] [WordPress Trac] #22408: wp_insert_attachment and _real_escape input validation and better error handling

WordPress Trac noreply at wordpress.org
Sat Nov 10 21:47:04 UTC 2012


#22408: wp_insert_attachment and _real_escape input validation and better error
handling
------------------------------+--------------------------
 Reporter:  magadanski_uchen  |       Type:  defect (bug)
   Status:  new               |   Priority:  normal
Milestone:  Awaiting Review   |  Component:  Database
  Version:  3.4.2             |   Severity:  trivial
 Keywords:                    |
------------------------------+--------------------------
 Recently when using the `wp_insert_attachment()` function I passed the
 whole result of the `wp_check_filetype()` function for the
 `"post_mime_type"` attribute, instead of the `"type"` property from the
 filetype check result. What I got was an error in the `_real_escape()`
 function which expected a string, but received an array, which didn't
 quite help me find my error.

 I believe some kind of type checking would be nice for both the
 `_real_escape()` function as well as the `wp_insert_attachment()`.

 It seems suitable if the `wp_insert_attachment()` function returned a
 `WP_Error` object in case there are issues with the passed arguments.

 I'm not sure, however, what the best solution would be for the
 `_real_escape()` function -- return false, fail quietly, raise an
 exception or also return a `WP_Error`.

 I would have proposed a patch, but I'm not sure what solution to
 implement. Let me know if I should do it in a certain way and I'll submit
 a patch for review, saving you a little time for other ticket review.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22408>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list