Re: Proposed method for file attachments and uploads
Think of attachments just like avatar uploads except they are attached to posts instead of users. Also, the interface has to be attached to the create/edit post instead of the profile. But it’s almost that “simple”.
However there are indeed huge security risks.
Anytime you have a 777 folder somewhere it can be dangerous and filetypes need to be filtered outside of their extension, etc.
(and no, this is one plugin I won’t be coding)