Opened 4 years ago

Last modified 7 months ago

#17254 new feature request

Contributors should be able to upload

Reported by: jane
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 3.1
Component: Role/Capability
Keywords: reporter-feedback close
Focuses:
Cc:

Description

Workflows and typical post content have evolved since the roles were defined. Posts frequently contain images, video, etc. As it is now, for someone to be able to put an uploaded image or video in a post, they have to be an Author, because contributors have no upload rights. This means that if a post contains any media, the person writing it has the ability to publish. There's a big gap now for use cases where a site owner wants to curate/edit contributor submissions before publication but wants those contributor posts to not be limited to text-only creations.

Proposal: allow contributors to upload media files (kept as draft, not published until approved by higher role).

Change History (7)

comment:1 follow-up: @scribu 4 years ago

I don't think this is a good idea by itself:

Currently, a user with the upload capability can upload unlimited files. On a small shared host, they can easily take up all the available space.

More importantly, uploaded files are instantly publicly available, allowing the user to link to them from other sources, before the site owner has the chance to review them.

comment:2 in reply to: ↑ 1 @aaroncampbell 4 years ago

Replying to scribu:

More importantly, uploaded files are instantly publicly available, allowing the user to link to them from other sources, before the site owner has the chance to review them. See #17255

This is really the issue. By default all files are uploaded to wp-content/uploads/(YYYY/MM)? and can be directly accessed immediately just by linking to them, even from another site. Basically a contributor (who isn't trusted to put content on the site) could upload a bunch of porn and link to it from all over, and you'd be burning through bandwidth (or worse, serving illegal content to minors) until you notice and remove.

I'm thinking that any re-architecture on this would be a massive project and backwards compat would be a BEAR. However, maybe someone else will have a brilliant option.

comment:3 @nacin 4 years ago

We could create a random hash, store the hash in postmeta, and use the hash in the filename. Then on publish we can remove the hash from the filename. Works for draft and trash.

It's certainly not foolproof, but it's an idea.

We could also put them into their own uploads directory (in addition to the hash), that way the entire directory can be locked down in htaccess too.
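The scheme proposed in comment:3, as a standalone Python model added here for illustration (it is not WordPress core code and not part of the ticket). The `pending` directory name, the `UploadStore` class and the in-memory `meta` dict standing in for postmeta are assumptions; the sample upload is constructed.

```python
import os
import secrets
import tempfile
from pathlib import Path

class UploadStore:
    """Toy model: an uploads folder plus a dict standing in for postmeta."""

    def __init__(self, root):
        self.root = Path(root)
        self.pending = self.root / "pending"  # hypothetical directory name
        self.pending.mkdir(parents=True, exist_ok=True)
        # Apache 2.4 rule: refuse every direct request into this directory.
        (self.pending / ".htaccess").write_text("Require all denied\n")
        self.meta = {}  # attachment id -> {"token": ..., "name": ...}

    def upload_draft(self, filename, data):
        name = os.path.basename(filename)  # drop any client-supplied path
        token = secrets.token_hex(16)      # 128 bits from the OS CSPRNG
        (self.pending / f"{token}-{name}").write_bytes(data)
        att_id = len(self.meta) + 1
        self.meta[att_id] = {"token": token, "name": name}
        return att_id

    def path_of(self, att_id):
        m = self.meta[att_id]
        if m["token"]:
            return self.pending / f"{m['token']}-{m['name']}"
        return self.root / m["name"]

    def publish(self, att_id):
        m = self.meta[att_id]
        if m["token"]:  # still a draft: move to the public, hash-free name
            dest = self.root / m["name"]
            stem, ext = os.path.splitext(m["name"])
            n = 1
            while dest.exists():  # never overwrite an already published file
                dest = self.root / f"{stem}-{n}{ext}"
                n += 1
            os.replace(self.path_of(att_id), dest)
            m["token"], m["name"] = None, dest.name
        return self.path_of(att_id)

def demo():
    # Constructed sample: one draft upload, then publish.
    with tempfile.TemporaryDirectory() as root:
        store = UploadStore(root)
        att = store.upload_draft("../cat.jpg", b"constructed bytes")
        draft = store.path_of(att).name
        return draft, store.publish(att).name, os.listdir(store.pending)
```

The random prefix only makes the draft URL unguessable; the deny rule is what blocks direct requests, and it has no effect on servers that ignore `.htaccess`.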

comment:4 @scribu 4 years ago

Pretty interesting ideas, nacin. I think we should discuss them over on #17255.

comment:5 @jane 4 years ago

Really we should change it so uploaded files aren't publicly available without an explicit publish action. When uploading in a post, the implication is that it is private until you hit publish, and we should not continue with this misleading behavior.

Also, because authors have the right to publish without review, if an editor wants to review a post containing a file before making it public, there's no way to do so (again, the fact that we have conflated upload with publish for files is the root of the problem).

comment:6 @chriscct7 7 months ago

  • Keywords reporter-feedback added

Did you want to revisit this @jane or others?

comment:7 @DrewAPicture 7 months ago

  • Keywords close added

Hiding the Featured Image metabox from contributors in [29402] really just further shielded this issue. Do we want to pursue this or table it for consideration later?