Opened 13 years ago
Closed 8 years ago
#17254 closed feature request (maybelater)
Contributors should be able to upload
| Reported by: | jane | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.1 |
| Component: | Role/Capability | Keywords: | reporter-feedback close |
| Focuses: | | Cc: | |
Description
Workflows and typical post content have evolved since the roles were defined. Posts frequently contain images, video, etc. As it is now, for someone to be able to put an uploaded image or video in a post, they have to be an Author, because contributors have no upload rights. This means that if a post contains any media, the person writing it has the ability to publish. There's a big gap now for use cases where a site owner wants to curate/edit contributor submissions before publication but wants those contributor posts to not be limited to text-only creations.
Proposal: allow contributors to upload media files (kept as draft, not published until approved by a higher role).
Change History (8)
#2 in reply to: ↑ 1 @ 13 years ago
Replying to scribu:
> More importantly, uploaded files are instantly publicly available, allowing the user to link to them from other sources, before the site owner has the chance to review them. See #17255
This is really the issue. By default all files are uploaded to wp-content/uploads/(YYYY/MM)? and can be directly accessed immediately just by linking to them, even from another site. Basically a contributor (who isn't trusted to put content on the site) could upload a bunch of porn and link to it from all over, and you'd be burning through bandwidth (or worse, serving illegal content to minors) until you notice and remove.
I'm thinking that any re-architecture on this would be a massive project and backwards compat would be a BEAR. However, maybe someone else will have a brilliant option.
#3 @ 13 years ago
We could create a random hash, store the hash in postmeta, and use the hash in the filename. Then on publish we can remove the hash from the filename. Works for draft and trash.
It's certainly not foolproof, but it's an idea.
We could also put them into their own uploads directory (in addition to the hash), that way the entire directory can be locked down in htaccess too.
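The staging scheme from comment #3, as an added example that is not part of the ticket or WordPress's own code: a stand-alone PHP model in which the `$meta` array stands in for postmeta. The `pending` directory name, the function names and the sample values are assumptions.

```php
<?php
// Added example: models "token in filename + separate directory", not WordPress code.
// The token only makes the staged URL unguessable; the web-server deny rule on
// pending/ is what actually blocks direct requests before publish.

// Stage an upload under pending/ with a random token in the filename.
function stage_upload(string $uploads, int $post_id, string $name, string $data, array &$meta): string {
    $name  = basename(str_replace('\\', '/', $name));   // drop any client-supplied path
    $token = bin2hex(random_bytes(16));                  // 128-bit token from the CSPRNG
    $dir   = "$uploads/pending";
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    $path = "$dir/$token-$name";
    if (file_put_contents($path, $data) === false) {
        throw new RuntimeException("cannot write $path");
    }
    $meta[$post_id][] = ['token' => $token, 'name' => $name];
    return $path;
}

// On publish: move each staged file to uploads/YYYY/MM/ and drop the token.
function publish_uploads(string $uploads, int $post_id, array &$meta, string $ym): array {
    $dest = "$uploads/$ym";
    if (!is_dir($dest) && !mkdir($dest, 0755, true)) {
        throw new RuntimeException("cannot create $dest");
    }
    $published = [];
    foreach ($meta[$post_id] ?? [] as $entry) {
        $from = "$uploads/pending/{$entry['token']}-{$entry['name']}";
        $to   = "$dest/{$entry['name']}";
        if (file_exists($to)) {                          // never overwrite a published file
            $to = "$dest/" . substr($entry['token'], 0, 8) . "-{$entry['name']}";
        }
        if (!rename($from, $to)) {
            throw new RuntimeException("cannot move $from");
        }
        $published[] = $to;
    }
    unset($meta[$post_id]);                              // tokens are single-use
    return $published;
}

// Constructed sample run in a temporary directory.
$uploads = sys_get_temp_dir() . '/uploads-demo-' . bin2hex(random_bytes(4));
$meta    = [];
echo "staged:    " . stage_upload($uploads, 42, 'photo.jpg', 'constructed bytes', $meta) . "\n";
echo "published: " . implode(', ', publish_uploads($uploads, 42, $meta, '2011/04')) . "\n";
```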
#5 @ 13 years ago
Really we should change it so uploaded files aren't publicly available without an explicit publish action. When uploading in a post, the implication is that it is private until you hit publish, and we should not continue with this misleading behavior.
Also, because authors have the right to publish without review, if an editor wants to review a post containing a file before making it public, there's no way to do so (again, the fact that we have conflated upload with publish for files is the root of the problem).
I don't think this is a good idea by itself:
Currently, a user with the upload capability can upload unlimited files. On a small shared host, they can easily take up all the available space.
More importantly, uploaded files are instantly publicly available, allowing the user to link to them from other sources, before the site owner has the chance to review them. See #17255