Make WordPress Core

Opened 9 years ago

Closed 8 years ago

#29010 closed enhancement (wontfix)

Allow file upload from unregistered users

Reported by: firebird75's profile firebird75 Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.9.1
Component: Media Keywords:
Focuses: Cc:


I am trying to embed the media uploader in the frontend. I am able to make it work for registered users with the upload_files capability but I am not able to have it work for non registered users and I think this is because of the lack of capability for them.

The problem is that I don't see a way to add the capability for non registered users right now.

Maybe an improvement could be to add a default role "visitor" that would be assigned to users that are not logged in. And then we could assign some capabilities like upload_files to them.

Another option would be to allow some kind of hook on the media uploader to allow to pass some custom capability during initialization.

Does it make sense?

Change History (1)

#1 @dd32
8 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Allowing public uploads is not something that WordPress is going to support natively, however if you run into any barriers in filters that prevent accepting uploads, feel free to submit a patch with the alterations needed.

A plugin is free to create a new role, such as visitor and make WordPress believe that a user is logged in quite easily, you can also filter the capabilities checking for upload_files capabilities and always return true for that..
Realistically, a plugin is better off implementing all the upload logic itself, as WordPress's upload functionality is based around trusted users, which logged out users are not, and the amount of code that would be needed should be minimal.

Note: See TracTickets for help on using tickets.