Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#696 closed defect (bug) (fixed)

several problems with upload.php

Reported by: mdawaffe Owned by: matt
Milestone: Priority: normal
Severity: minor Version: 1.5
Component: Administration Keywords:
Focuses: Cc:


  1. option fileupload_minlevel only prevents low level users from seeing the upload tab. They can still upload files if they know upload.php's URI.
  1. The alt property of img tag is always blank in the example "code to display [the newly uploaded image]".
  1. When a duplicate file is found, the user is given the option to choose a different filename. By default that different filename is whatever_01.ext. however, in the "File uploaded!" message page, the underscore is stripped, and the user is told the newly uploaded file is called whatever01.ext both in the example HTML code and the File Details section.
  1. The file size as reported in the File Details section is always 0.
  1. The "Upload another" link is outside the div box.

Change History (5)

comment:1 mdawaffe9 years ago

  • Patch set to No

comment:2 2fargon9 years ago

  • Status changed from new to assigned

comment:3 anonymousbugger9 years ago

See #810 for a fix to the file size reported issue (4 above). (Sorry, I would have supplied it here, but I didn't see this bug first.)

comment:4 anonymousbugger9 years ago

Aw, what the heck -- here's a patch for all of these:


if (!get_settings('fileupload_minlevel'))

die (("You are not allowed to upload files"));


$img1_size = isset($_POSTimg1_size?) ? intval($_POSTimg1_size?) : intval($_FILESimg1?size?);

< $img1_name = preg_replace('/[a-z0-9.]/i', , $img1_name);

$img1_name = preg_replace('/[a-z0-9_.]/i', , $img1_name);

< $imgdesc = htmlentities2($imgdesc);

$imgdesc = htmlentities2($_POSTimgdesc?);

< </div>


comment:5 matt9 years ago

  • fixed_in_version set to 1.5
  • Owner changed from anonymous to matt
  • Resolution changed from 10 to 20
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.