WordPress.org

Make WordPress Core

#45020 closed enhancement (duplicate)

Can theme and plugin file uploading utilize the same form that media uploads use?

Reported by: shaneeckert Owned by:
Milestone: Priority: normal
Severity: minor Version: 5.1
Component: Upload Keywords:
Focuses: ui Cc:
PR Number:

Description (last modified by SergeyBiryukov)

The media uploader in wp-admin/upload.php has an Add New button that loads media-new.php (Line 77) which calls the media_upload_form function in media.php (Line 1938). This form runs quite a few checks on the file. For example a file with an .exe extension cannot be uploaded.

This is not the same for uploading Plugins and Themes. Right now you can upload any file through these two sections.

For example In plugin-install.php on line 334 we create a form to upload instead of using the one in media.php line 1938..

There is no check, it just fails when the installer cannot work with the file. As well the file is not cleaned up upon failure. This leaves files in the directory.

For consistency can we please use the same form for uploading a plugin and a theme as we do for media, with adjustments that limit to just ZIP files?

upload.php:90
https://github.com/WordPress/WordPress/blob/56c162fbc9867f923862f64f1b4570d885f1ff03/wp-admin/upload.php#L90

media.php:1938
https://github.com/WordPress/WordPress/blob/8992656b133a672f90ab5da0adfa8f27ac8d6a0a/wp-admin/includes/media.php#L1938

plugin-install.php:344
https://github.com/WordPress/WordPress/blob/56c162fbc9867f923862f64f1b4570d885f1ff03/wp-admin/includes/plugin-install.php#L334

Similar tickets

#44868 #44710

Change History (2)

#1 @SergeyBiryukov
14 months ago

  • Description modified (diff)

#2 @SergeyBiryukov
14 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @shaneeckert, welcome to WordPress Trac!

Thanks for the ticket, we're already tracking this enhancement in #24579.

Note: See TracTickets for help on using tickets.