Make WordPress Core

Opened 6 years ago

Last modified 3 years ago

#21292 assigned defect (bug)

Using wp_handle_upload in the XML-RPC — at Version 1

Reported by: markoheijnen Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.0
Component: XML-RPC Keywords: has-patch needs-refresh
Focuses: Cc:

Description (last modified by markoheijnen)

At this moment there isn't a check for file size when uploading an image through the XML-RPC. The reason is that the method wp_upload_bits is used. This only checks it does is if the file size is to big for a network installation.

The function check_upload_size() is something what you want except that it will use wp_die() if there is an error like this. The function is used as a filter: wp_handle_upload_prefilter. Which only get applied in the function wp_handle_upload.

We should change some of the functions to allow to return an error instead of using wp_die(). When you look into check_upload_size() this should get a second parameter instead of checking if there is a $_POST variable set.

related: #6559 and #21085

Change History (1)

#1 @markoheijnen
6 years ago

  • Description modified (diff)
Note: See TracTickets for help on using tickets.