WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#7933 closed defect (bug) (fixed)

wp_insert_attachment fails on post name check

Reported by: dwc Owned by:
Milestone: 2.7 Priority: normal
Severity: normal Version: 2.6.1
Component: Administration Keywords:
Focuses: Cc:

Description

This issue is the same as #6894 and #6934, but for attachments.

Basically, the wp_insert_attachment post name check fails under the same conditions: if the sanitized title contains a URL-encoded character that happens to match a printf type specifier, the post name check never succeeds. The fix is the same as [7876] and [7877]: to use %s for the parameter instead of direct variable substitution.

This issue affects 2.6.2. I haven't tested trunk, but it looks like it still has the problem.

Attachments (1)

7933.patch (1.3 KB) - added by dwc 5 years ago.
Patch to use prepare

Download all attachments as: .zip

Change History (2)

dwc5 years ago

Patch to use prepare

comment:1 ryan5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [9259]) Use prepare() in wp_insert_attachment(). Props dwc. fixes #7933

Note: See TracTickets for help on using tickets.