wp_delete_attachment deletes file even if $force_delete is false

[pubalacon]

Around line 6085 in wp-includes/post.php

line 6085: wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );

There is no test of $force_delete, so attachment file is physically removed from system file even if not wanted (or definitely not allowed)

Suggested patch:

if (!$force_delete) {
    wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
}

[mukesh27]

Hi and welcome to WordPress Trac! Thanks for the ticket.

wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ); called in wp_delete_attachment function at ​#L6125.

Removing version 5.7.1 and set component to Media

[joyously]

Do you have a test case, or were you just reading the code?
The $force_delete variable is checked near the top of the function, and uses an early return, so it matches the description, which says

The attachment is moved to the Trash instead of permanently deleted unless Trash for media is disabled, item is already in the Trash, or $force_delete is true.

  if ( ! $force_delete && EMPTY_TRASH_DAYS && MEDIA_TRASH && 'trash' !== $post->post_status ) {
        return wp_trash_post( $post_id );
  }

[SergeyBiryukov]

Just noting that code similar to the fragment above can be found not only in wp_delete_attachment(), but also in wp_delete_comment() and wp_delete_post(). Perhaps the $force_delete argument in these functions needs better documentation?

[antpb]

Upon review in the Media meeting it was agreed that the docs are pretty clear about the behavior and that this is the intended behavior of the function. If we see more questions around this it would probably be a good move to identify how the docs should be clarified better but for now we should close this to keep the backlog of tickets true.