WordPress.org

Make WordPress Core

Ticket #17779: custom-header.17779.diff

File custom-header.17779.diff, 2.1 KB (added by xknown, 7 years ago)

Cast to the appropiate types

  • wp-admin/custom-header.php

     
    721721                        $_POST['height'] = $_POST['height'] * $_POST['oitar'];
    722722                }
    723723
    724                 $original = get_attached_file( $_POST['attachment_id'] );
     724        $attachment_id = absint( $_POST['attachment_id'] );
     725        $original = get_attached_file($attachment_id);
    725726
    726                 $cropped = wp_crop_image($_POST['attachment_id'], $_POST['x1'], $_POST['y1'], $_POST['width'], $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT);
     727                $cropped = wp_crop_image($attachment_id, (int) $_POST['x1'], (int) $_POST['y1'], (int) $_POST['width'], (int) $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT);
    727728                if ( is_wp_error( $cropped ) )
    728729                        wp_die( __( 'Image could not be processed.  Please go back and try again.' ), __( 'Image Processing Error' ) );
    729730
    730                 $cropped = apply_filters('wp_create_file_in_uploads', $cropped, $_POST['attachment_id']); // For replication
     731                $cropped = apply_filters('wp_create_file_in_uploads', $cropped, $attachment_id); // For replication
    731732
    732                 $parent = get_post($_POST['attachment_id']);
     733                $parent = get_post($attachment_id);
    733734                $parent_url = $parent->guid;
    734735                $url = str_replace(basename($parent_url), basename($cropped), $parent_url);
    735736
    736737                // Construct the object array
    737738                $object = array(
    738                         'ID' => $_POST['attachment_id'],
     739                        'ID' => $attachment_id,
    739740                        'post_title' => basename($cropped),
    740741                        'post_content' => $url,
    741742                        'post_mime_type' => 'image/jpeg',
     
    745746
    746747                // Update the attachment
    747748                wp_insert_attachment($object, $cropped);
    748                 wp_update_attachment_metadata( $_POST['attachment_id'], wp_generate_attachment_metadata( $_POST['attachment_id'], $cropped ) );
    749                 update_post_meta( $_POST['attachment_id'], '_wp_attachment_is_custom_header', get_option('stylesheet' ) );
     749                wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $cropped ) );
     750                update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', get_option('stylesheet' ) );
    750751
    751752                set_theme_mod('header_image', $url);
    752753