WordPress.org

Make WordPress Core

Ticket #17779: custom-header.17779.diff

File custom-header.17779.diff, 2.1 KB (added by xknown, 3 years ago)

Cast to the appropiate types

  • wp-admin/custom-header.php

     
    721721                        $_POST['height'] = $_POST['height'] * $_POST['oitar']; 
    722722                } 
    723723 
    724                 $original = get_attached_file( $_POST['attachment_id'] ); 
     724        $attachment_id = absint( $_POST['attachment_id'] ); 
     725        $original = get_attached_file($attachment_id); 
    725726 
    726                 $cropped = wp_crop_image($_POST['attachment_id'], $_POST['x1'], $_POST['y1'], $_POST['width'], $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); 
     727                $cropped = wp_crop_image($attachment_id, (int) $_POST['x1'], (int) $_POST['y1'], (int) $_POST['width'], (int) $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); 
    727728                if ( is_wp_error( $cropped ) ) 
    728729                        wp_die( __( 'Image could not be processed.  Please go back and try again.' ), __( 'Image Processing Error' ) ); 
    729730 
    730                 $cropped = apply_filters('wp_create_file_in_uploads', $cropped, $_POST['attachment_id']); // For replication 
     731                $cropped = apply_filters('wp_create_file_in_uploads', $cropped, $attachment_id); // For replication 
    731732 
    732                 $parent = get_post($_POST['attachment_id']); 
     733                $parent = get_post($attachment_id); 
    733734                $parent_url = $parent->guid; 
    734735                $url = str_replace(basename($parent_url), basename($cropped), $parent_url); 
    735736 
    736737                // Construct the object array 
    737738                $object = array( 
    738                         'ID' => $_POST['attachment_id'], 
     739                        'ID' => $attachment_id, 
    739740                        'post_title' => basename($cropped), 
    740741                        'post_content' => $url, 
    741742                        'post_mime_type' => 'image/jpeg', 
     
    745746 
    746747                // Update the attachment 
    747748                wp_insert_attachment($object, $cropped); 
    748                 wp_update_attachment_metadata( $_POST['attachment_id'], wp_generate_attachment_metadata( $_POST['attachment_id'], $cropped ) ); 
    749                 update_post_meta( $_POST['attachment_id'], '_wp_attachment_is_custom_header', get_option('stylesheet' ) ); 
     749                wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $cropped ) ); 
     750                update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', get_option('stylesheet' ) ); 
    750751 
    751752                set_theme_mod('header_image', $url); 
    752753