Make WordPress Core

Opened 6 years ago

Last modified 3 years ago

#21292 assigned defect (bug)

XML-RPC: wp_upload_bits should act like wp_handle_upload — at Version 7

Reported by: markoheijnen
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 3.0
Component: XML-RPC
Keywords: has-patch needs-refresh
Focuses:
Cc:

Description (last modified by markoheijnen)

At this moment there isn't a check for file size when uploading an image through XML-RPC. The reason is that the method wp_upload_bits is used. The only check it does is whether the file size is too big for a network installation.

The function check_upload_size() is what you want, except that it will use wp_die() if there is an error like this. The function is used as a filter on wp_handle_upload_prefilter, which only gets applied in the function wp_handle_upload.

We should probably change check_upload_size() a bit so it doesn't use wp_die() but does it somewhere else.

related: #6559 and #21085

Change History (9)

#1 @markoheijnen
6 years ago

  • Description modified (diff)

#3 @daniloercoli
6 years ago

  • Cc ercoli@… added

#4 @markoheijnen
6 years ago

Finding a way to add https://github.com/daniloercoli/WordPress-streaming-xml-rpc in the new media method. And when it works well in 3.5 also add it in 3.6 for the current one.

#5 @markoheijnen
6 years ago

Just a weird thought. Would it make sense to fake a $_FILES array to pass through wp_handle_upload()? By using the code of Danilo to store the image locally that would make sense.

The other solution is not using it and fixing wp_upload_bits(). Looking at it again, they should both do the same thing. The only difference is the input and how to act on that.

#6 @markoheijnen
6 years ago

Uploaded my first try to fix the upload limit

6 years ago

Added unfiltered_upload capability check

#7 @markoheijnen
6 years ago

  • Description modified (diff)
  • Summary changed from Using wp_handle_upload in the XML-RPC to XML-RPC: wp_upload_bits should act like wp_handle_upload

Added a new patch that checks if a user can upload any file.
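
An added example, not part of the ticket or its attached patches: one way a site can enforce an upload size limit on XML-RPC uploads without wp_die(), by hooking the existing wp_upload_bits filter, whose non-array return value wp_upload_bits() hands back as the upload error. The function name example_xmlrpc_upload_size_check and the error text are assumptions made for this sketch.

```php
<?php
/**
 * Plugin Name: XML-RPC upload size check (illustrative example)
 *
 * Rejects oversized uploads that reach wp_upload_bits() during an XML-RPC
 * request by returning an error string from the 'wp_upload_bits' filter.
 * Unlike check_upload_size(), nothing here calls wp_die().
 */

/**
 * Hypothetical callback name, chosen for this example.
 *
 * @param array|string $upload array( 'name' => ..., 'bits' => ..., 'time' => ... ),
 *                             or an error string set by an earlier callback.
 * @return array|string The untouched array to allow the upload, or an error
 *                      message. wp_upload_bits() treats any non-array value
 *                      as the error and returns it in the 'error' key.
 */
function example_xmlrpc_upload_size_check( $upload ) {
	// Leave other callers of wp_upload_bits() alone.
	if ( ! defined( 'XMLRPC_REQUEST' ) || ! XMLRPC_REQUEST ) {
		return $upload;
	}

	// An earlier callback (for example the multisite size check) already
	// rejected this upload; keep its message.
	if ( ! is_array( $upload ) ) {
		return $upload;
	}

	// wp_max_upload_size() is the same ceiling the browser uploader reports.
	$max_bytes = wp_max_upload_size();
	$size      = strlen( $upload['bits'] ); // 'bits' holds the decoded file contents.

	if ( $max_bytes > 0 && $size > $max_bytes ) {
		// Constructed message text, not a core string.
		return sprintf(
			'File is %1$s; the maximum upload size is %2$s.',
			size_format( $size ),
			size_format( $max_bytes )
		);
	}

	return $upload;
}
add_filter( 'wp_upload_bits', 'example_xmlrpc_upload_size_check' );
```

The check runs after the request body has already been received and decoded, so it limits what gets written to the uploads directory, not how much data the server accepts.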
