Image added via wp_insert_attachment is invalid?

  • Resolved chcw

    (@chcw)


    8 months, 1 week ago

    Hi,

    I try to use the sample code at https://developer.www.ads-software.com/reference/functions/wp_insert_attachment/ to add an image to post, and use attachment_url_to_postid to verify if the attached image is valid or not, as below.

    When debugging, attachment_url_to_postid will always return 0 for the attachment added via wp_insert_attachment so the validation always fails.

    I try to add an image to media library manually, then the verification will pass. So I think using wp_insert_attachment to insert media must have missed some important steps that cause the error.

    <?php 

include "wp-load.php";

// $filename should be the path to a file in the upload directory.
$filename = 'C:/wamp64/www/blogs/wp-content/uploads/2024/03/test12.jpg';

// The ID of the post this attachment is for.
$parent_post_id = 76;

// Check the type of file. We'll use this as the 'post_mime_type'.
$filetype = wp_check_filetype( basename( $filename ), null );

// Get the path to the upload directory.
$wp_upload_dir = wp_upload_dir();

// Prepare an array of post data for the attachment.
$attachment = array(
	'guid'           => $wp_upload_dir['url'] . '/' . basename( $filename ), 
	'post_mime_type' => $filetype['type'],
	'post_title'     => preg_replace( '/\.[^.]+$/', '', basename( $filename ) ),
	'post_content'   => '',
	'post_status'    => 'inherit'
);

// Insert the attachment.
$attach_id = wp_insert_attachment( $attachment, $filename, $parent_post_id );

// Make sure that this file is included, as wp_generate_attachment_metadata() depends on it.
require_once( ABSPATH . 'wp-admin/includes/image.php' );

// Generate the metadata for the attachment, and update the database record.
$attach_data = wp_generate_attachment_metadata( $attach_id, $filename );
wp_update_attachment_metadata( $attach_id, $attach_data );

set_post_thumbnail( $parent_post_id, $attach_id );

//  Verify the attached image
$attach_url = wp_get_attachment_image_url($attach_id, 'full');
$attach_id2 = attachment_url_to_postid($attach_url);

if ($attach_id == $attach_id2)
  echo "Verficiation succeeds!";
else
  echo "Verficiaton failed!";
?>
Viewing 4 replies - 16 through 19 (of 19 total)
  • Thread Starter chcw

    (@chcw)

    Hi, @bcworkz

    Thank you very much. Now it works. I should have use Visual Studio Code and Intelephant to check my codes before wasting your time.

    Also thank you for explanation of why do CSS in two stages

    Thread Starter chcw

    (@chcw)

    Hi,?@bcworkz

    Now I have updated all my scripts into plugins, one by one. The codes are much more safe now. In the past, I will worry about the search engine bot will access my script and run its codes automatically. Now there are no such issues any more.

    The time spent on the article you recommended absolutely worth it! Thumb up!

    Moderator bcworkz

    (@bcworkz)

    Well done! I don’t consider helping other people learn a waste of time, even if the answers were available elsewhere. I think of it as an investment in the future of computer science ??

    In theory it’s still possible for a search bot to request a plugin file and cause it to execute. Unlikely if the filename cannot be found anywhere, but for the sake of discussion let’s assume it will happen. If the first function called is a WP function, the script will die with an undefined function error. No harm done. But it’s possible for some plugin files to do something undesirable before reaching a WP function. If there’s any chance of that, we can add the following code to the top of the file:

    if ( ! defined( 'ABSPATH' ) ) {
	die( '-1' );
}

    If WP is loaded normally, this has no effect. Then all the usual WP security is in place and there’s no concern. But it’ll immediately stop any attempt at direct access.

    Thread Starter chcw

    (@chcw)

    Hi, @bcworkz

    Thank you very much. Have followed your suggestion.

Viewing 4 replies - 16 through 19 (of 19 total)
  • The topic ‘Image added via wp_insert_attachment is invalid?’ is closed to new replies.