Opened 7 months ago
Last modified 7 months ago
#22408 new defect (bug)
wp_insert_attachment and _real_escape input validation and better error handling
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | Database | Version: | 3.4.2 |
| Severity: | trivial | Keywords: | dev-feedback |
| Cc: |
Description
Recently when using the wp_insert_attachment() function I passed the whole result of the wp_check_filetype() function for the "post_mime_type" attribute, instead of the "type" property from the filetype check result. What I got was an error in the _real_escape() function which expected a string, but received an array, which didn't quite help me find my error.
I believe some kind of type checking would be nice for both the _real_escape() function as well as the wp_insert_attachment().
It seems suitable if the wp_insert_attachment() function returned a WP_Error object in case there are issues with the passed arguments.
I'm not sure, however, what the best solution would be for the _real_escape() function -- return false, fail quietly, raise an exception or also return a WP_Error.
I would have proposed a patch, but I'm not sure what solution to implement. Let me know if I should do it in a certain way and I'll submit a patch for review, saving you a little time for other ticket review.
