id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
22408,wp_insert_attachment and _real_escape input validation and better error handling,magadanski_uchen,,"Recently when using the `wp_insert_attachment()` function I passed the whole result of the `wp_check_filetype()` function for the `""post_mime_type""` attribute, instead of the `""type""` property from the filetype check result. What I got was an error in the `_real_escape()` function which expected a string, but received an array, which didn't quite help me find my error.

I believe some kind of type checking would be nice for both the `_real_escape()` function as well as the `wp_insert_attachment()`.

It seems suitable if the `wp_insert_attachment()` function returned a `WP_Error` object in case there are issues with the passed arguments.

I'm not sure, however, what the best solution would be for the `_real_escape()` function -- return false, fail quietly, raise an exception or also return a `WP_Error`.

I would have proposed a patch, but I'm not sure what solution to implement. Let me know if I should do it in a certain way and I'll submit a patch for review, saving you a little time for other ticket review.",defect (bug),new,normal,Awaiting Review,Database,3.4.2,trivial,,dev-feedback,