Issues related to the file uploader

Due to some quirks to our server configuration, the Inline mode of the file upload module doesn’t work correctly. File access relies on an internal HTTP request which fails certain SSL checks.

The Download method works correctly because it uses an absolute path to the file.

Two concerns that may affect other users:

1. On hosts that prevent HTTP via fopen, the Inline method may fail
2. On sites that have moved, the use of the attachment guid may no longer accurately point to the path where the file is stored.

To address both, I recommend generating the file path using get_attached_file( $attachment->ID ).

I also see that the User Agent for the readfile() HTTP call is controlled by using ini_set(). To address a few different concerns with the HTTP request method, I recommend using the WP_HTTP API functions and providing a filter so that developers may modify the request parameters. This would address certain proprietary SSL certificate situations, allow for extended headers that could secure attachments further in tandem with .htaccess rules.

Along with these changes, it would be great to see modularization that would allow attachments to be optionally (with separate our own development effort) offloaded to some other storage outside of the media library.

I would be happy to contribute to that collaboration effort. Thank you for your consideration.