id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
22408	wp_insert_attachment and _real_escape input validation and better error handling	magadanski_uchen		"Recently when using the `wp_insert_attachment()` function I passed the whole result of the `wp_check_filetype()` function for the `""post_mime_type""` attribute, instead of the `""type""` property from the filetype check result. What I got was an error in the `_real_escape()` function which expected a string, but received an array, which didn't quite help me find my error.

I believe some kind of type checking would be nice for both the `_real_escape()` function as well as the `wp_insert_attachment()`.

It seems suitable if the `wp_insert_attachment()` function returned a `WP_Error` object in case there are issues with the passed arguments.

I'm not sure, however, what the best solution would be for the `_real_escape()` function -- return false, fail quietly, raise an exception or also return a `WP_Error`.

I would have proposed a patch, but I'm not sure what solution to implement. Let me know if I should do it in a certain way and I'll submit a patch for review, saving you a little time for other ticket review."	defect (bug)	new	normal	Awaiting Review	Database	3.4.2	trivial		dev-feedback