Make WordPress Core

Opened 6 years ago

Closed 21 months ago

#17254 closed feature request (maybelater)

Contributors should be able to upload

Reported by: jane
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.1
Component: Role/Capability
Keywords: reporter-feedback close
Focuses:
Cc:


Workflows and typical post content have evolved since the roles were defined. Posts frequently contain images, video, etc. As it is now, for someone to be able to put an uploaded image or video in a post, they have to be an Author, because contributors have no upload rights. This means that if a post contains any media, the person writing it has the ability to publish. There's a big gap now for use cases where a site owner wants to curate/edit contributor submissions before publication but wants those contributor posts to not be limited to text-only creations.

Proposal: allow contributors to upload media files (kept as draft, not published until approved by higher role).

Change History (8)

#1 follow-up: @scribu
6 years ago

I don't think this is a good idea by itself:

Currently, a user with the upload capability can upload unlimited files. On a small shared host, they can easily take up all the available space.

More importantly, uploaded files are instantly publicly available, allowing the user to link to them from other sources, before the site owner has the chance to review them.

#2 in reply to: ↑ 1 @aaroncampbell
6 years ago

Replying to scribu:

More importantly, uploaded files are instantly publicly available, allowing the user to link to them from other sources, before the site owner has the chance to review them. See #17255

This is really the issue. By default all files are uploaded to wp-content/uploads/(YYYY/MM)? and can be directly accessed immediately just by linking to them, even from another site. Basically a contributor (who isn't trusted to put content on the site) could upload a bunch of porn and link to it from all over, and you'd be burning through bandwidth (or worse, serving illegal content to minors) until you notice and remove.

I'm thinking that any re-architecture on this would be a massive project and backwards compat would be a BEAR. However, maybe someone else will have a brilliant option.

#3 @nacin
6 years ago

We could create a random hash, store the hash in postmeta, and use the hash in the filename. Then on publish we can remove the hash from the filename. Works for draft and trash.

It's certainly not foolproof, but it's an idea.

We could also put them into their own uploads directory (in addition to the hash), that way the entire directory can be locked down in htaccess too.
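
The staging scheme proposed in comment #3, as an added sketch in plain PHP. It is not WordPress core code and not code from this ticket. The function names, the `pending` directory and the `$meta` array (standing in for postmeta) are assumptions made for illustration.

```php
<?php
// Added sketch: plain PHP, no WordPress calls. $meta is a hypothetical
// stand-in for postmeta; function and directory names are assumptions.
const PENDING_DIR = 'pending'; // assumed subdirectory, denied by the web server

// Store an upload belonging to an unpublished post under an unguessable name.
function stage_upload(string $uploads, string $tmp, string $name, int $id, array &$meta): string {
    $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
    $dir = $uploads . '/' . PENDING_DIR;
    if (!is_dir($dir)) {
        mkdir($dir, 0750, true);
        // Apache 2.4 syntax: second layer in case a hashed name leaks.
        file_put_contents($dir . '/.htaccess', "Require all denied\n");
    }
    // Keep a conservative character set and no leading dot (no ".htaccess").
    $safe = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', basename($name)), '.') ?: 'upload';
    $path = "$dir/$token-$safe";
    if (!rename($tmp, $path)) {
        throw new RuntimeException('could not stage upload');
    }
    $meta[$id] = ['token' => $token, 'name' => $safe, 'path' => $path];
    return $path;
}

// On publish: move the file to its public name and drop the stored hash.
function publish_upload(string $uploads, int $id, array &$meta): string {
    if (!isset($meta[$id])) {
        throw new RuntimeException('no staged upload for this id');
    }
    $public = $uploads . '/' . $meta[$id]['name'];
    if (file_exists($public)) { // never overwrite an already published file
        throw new RuntimeException('public name already in use');
    }
    if (!rename($meta[$id]['path'], $public)) {
        throw new RuntimeException('could not publish upload');
    }
    unset($meta[$id]);
    return $public;
}

// Constructed demo input: a scratch uploads directory and a fake upload.
$uploads = sys_get_temp_dir() . '/uploads-demo-' . bin2hex(random_bytes(4));
mkdir($uploads, 0750, true);
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, 'constructed sample bytes');
$meta = [];
echo stage_upload($uploads, $tmp, 'photo.jpg', 42, $meta), "\n";
echo publish_upload($uploads, 42, $meta), "\n";
```

The rename changes the file's URL, so any reference to the hashed name saved in the draft has to be rewritten at publish time.
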

#4 @scribu
6 years ago

Pretty interesting ideas, nacin. I think we should discuss them over on #17255.

#5 @jane
6 years ago

Really we should change it so uploaded files aren't publicly available without an explicit publish action. When uploading in a post, the implication is that it is private until you hit publish, and we should not continue with this misleading behavior.

Also, because authors have the right to publish without review, if an editor wants to review a post containing a file before making it public, there's no way to do so (again, the fact that we have conflated upload with publish for files is the root of the problem).

#6 @chriscct7
3 years ago

  • Keywords reporter-feedback added

Did you want to revisit this @jane or others?

#7 @DrewAPicture
3 years ago

  • Keywords close added

Hiding the Featured Image metabox from contributors in [29402] really just further shielded this issue. Do we want to pursue this or table it for consideration later?

#8 @johnbillion
21 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to maybelater
  • Status changed from new to closed