[wp-trac] [WordPress Trac] #31236: wp_ajax_upload_attachment does not properly handle situation when post_id is set

WordPress Trac noreply at wordpress.org
Wed Mar 25 11:53:07 UTC 2015 

#31236: wp_ajax_upload_attachment does not properly handle situation when post_id
is set
-------------------------------+-----------------------------
 Reporter:  johncacpro         |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Future Release
Component:  Media              |     Version:  4.1
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+-----------------------------

Comment (by johncacpro):

 Here is the scenario that I have currently and what led me to enter the
 bug.  We have a client who wanted a password protected area that allowed
 registered users the ability to edit their profile information from the
 website as opposed to logging into Wordpress and doing it there.  There
 are some custom meta fields that are associated with the user accounts and
 one of them is something like a profile for the user.  They wanted the
 user to be able to have a WYSIWYG editor that allowed them to update this
 field.  Currently, we have embedded the Wordpress editor on a password
 protected area of the site that allows them to update this field as if
 they were inside the Wordpress admin area.  All of that works fine.  The
 client came back at the end of the project and wanted the users to also be
 able to upload images to embed in the post.  This is where I ran into the
 issue I reported above.  Each user that can do this is in a custom defined
 role.  That custom defined role has the edit_posts capability so in theory
 they should be able to upload the image to the post, etc.  However,
 whenever I tried to do so, I received an error about not being able to
 attach files to the post.  This led me to track down where this message
 was being triggered from which I believe is from ajax_actions.php.  Once I
 made the change to the ajax_actions.php file to be edit_posts, the
 functionality worked as expected.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31236#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list