Make WordPress Core

Opened 9 years ago

Closed 7 years ago

#22408 closed defect (bug) (wontfix)

wp_insert_attachment and _real_escape input validation and better error handling

Reported by: magadanski_uchen Owned by:
Milestone: Priority: normal
Severity: trivial Version: 3.4.2
Component: Database Keywords: dev-feedback
Focuses: Cc:


Recently when using the wp_insert_attachment() function I passed the whole result of the wp_check_filetype() function for the "post_mime_type" attribute, instead of the "type" property from the filetype check result. What I got was an error in the _real_escape() function which expected a string, but received an array, which didn't quite help me find my error.

I believe some kind of type checking would be nice for both the _real_escape() function as well as the wp_insert_attachment().

It seems suitable if the wp_insert_attachment() function returned a WP_Error object in case there are issues with the passed arguments.

I'm not sure, however, what the best solution would be for the _real_escape() function -- return false, fail quietly, raise an exception or also return a WP_Error.

I would have proposed a patch, but I'm not sure what solution to implement. Let me know if I should do it in a certain way and I'll submit a patch for review, saving you a little time for other ticket review.

Change History (2)

#1 @SergeyBiryukov
9 years ago

  • Keywords dev-feedback added

#2 @wonderboymusic
7 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Thanks for the report - but there are any number of fields that expect string and would blow up if you pass array.

Note: See TracTickets for help on using tickets.