Ticket #47987: 47987.diff

src/wp-admin/includes/file.php

@@ -989 +989 @@
  *
  * @param string $upload_ref    The upload reference sent by the client.
  * @param int    $attachment_id Attachment post ID.
- * @return bool Whether the transient was set.
+ * @return true|WP_Error Whether the transient was set.
  */
 function _wp_set_upload_ref( $upload_ref, $attachment_id ) {
         $upload_ref = preg_replace( '/[^a-zA-Z0-9_]/', '', $upload_ref );
 
-        if ( ! empty( $upload_ref ) ) {
-                return set_transient( '_wp_temp_image_ref:' . $upload_ref, $attachment_id, HOUR_IN_SECONDS );
+        if ( ! $upload_ref ) {
+                return new WP_Error( 'invalid_upload_ref', __( 'The upload reference may only contain alpha numeric characters.' ) );
         }
 
-        return false;
+        $set = set_transient( '_wp_temp_image_ref:' . $upload_ref, $attachment_id, HOUR_IN_SECONDS );
+
+        if ( ! $set ) {
+                return new WP_Error( 'db_update_error', __( 'Failed to save upload reference.' ) );
+        }
+
+        return true;
 }
 
 /**

src/wp-admin/includes/media.php

@@ -420 +420 @@
 
                 // At this point the image is uploaded successfully even if there were specific errors or some sub-sizes were not created.
                 // The transient is not needed any more.
-                if ( $_ref ) {
+                if ( true === $_ref ) {
                         _wp_clear_upload_ref( $_POST['_wp_temp_upload_ref'] );
                 }
         }

src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

@@ -100 +100 @@
                         return new WP_Error( 'rest_invalid_param', __( 'Invalid parent type.' ), array( 'status' => 400 ) );
                 }
 
+                $retry_ref = $request->get_header( 'X-WP-RetryUploadRef' );
+
+                if ( $retry_ref ) {
+                        // Include upload ref functions.
+                        require_once ABSPATH . 'wp-admin/includes/file.php';
+                        $id = _wp_get_upload_ref_attachment_id( $retry_ref );
+
+                        if ( ! $id ) {
+                                return new WP_Error( 'upload_reference_not_found', __( 'Upload failed. Please try again.' ), array( 'status' => 500 ) );
+                        }
+
+                        $is_retry = true;
+                } else {
+                        $id_and_file = $this->insert_attachment( $request );
+
+                        if ( is_wp_error( $id_and_file ) ) {
+                                return $id_and_file;
+                        }
+
+                        list( $id, $file ) = $id_and_file;
+                        $is_retry          = false;
+                }
+
+                if ( is_wp_error( $id ) ) {
+                        return $id;
+                }
+
+                $attachment = get_post( $id );
+
+                /**
+                 * Fires after a single attachment is created or updated via the REST API.
+                 *
+                 * @since 4.7.0
+                 *
+                 * @param WP_Post         $attachment Inserted or updated attachment
+                 *                                    object.
+                 * @param WP_REST_Request $request    The request sent to the API.
+                 * @param bool            $creating   True when creating an attachment, false when updating.
+                 */
+                do_action( 'rest_insert_attachment', $attachment, $request, true );
+
+                // Include admin function to get access to wp_generate_attachment_metadata().
+                require_once ABSPATH . 'wp-admin/includes/media.php';
+
+                if ( $is_retry ) {
+                        wp_update_image_subsizes( $id );
+                        _wp_clear_upload_ref( $retry_ref );
+                } else {
+                        wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
+
+                        if ( $request->get_header( 'X-WP-UploadRef' ) ) {
+                                // Include upload ref functions.
+                                require_once ABSPATH . 'wp-admin/includes/file.php';
+                                _wp_clear_upload_ref( $request->get_header( 'X-WP-UploadRef' ) );
+                        }
+                }
+
+                if ( isset( $request['alt_text'] ) ) {
+                        update_post_meta( $id, '_wp_attachment_image_alt', sanitize_text_field( $request['alt_text'] ) );
+                }
+
+                $fields_update = $this->update_additional_fields_for_object( $attachment, $request );
+
+                if ( is_wp_error( $fields_update ) ) {
+                        return $fields_update;
+                }
+
+                $request->set_param( 'context', 'edit' );
+
+                /**
+                 * Fires after a single attachment is completely created or updated via the REST API.
+                 *
+                 * @since 5.0.0
+                 *
+                 * @param WP_Post         $attachment Inserted or updated attachment object.
+                 * @param WP_REST_Request $request    Request object.
+                 * @param bool            $creating   True when creating an attachment, false when updating.
+                 */
+                do_action( 'rest_after_insert_attachment', $attachment, $request, true );
+
+                $response = $this->prepare_item_for_response( $attachment, $request );
+                $response = rest_ensure_response( $response );
+                $response->set_status( 201 );
+                $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $id ) ) );
+
+                return $response;
+        }
+
+        /**
+         * Inserts the attachment in the database.
+         *
+         * @since 5.3.0
+         *
+         * @param WP_REST_Request $request
+         *
+         * @return array|WP_Error
+         */
+        protected function insert_attachment( $request ) {
                 // Get the file via $_FILES or raw data.
                 $files   = $request->get_file_params();
                 $headers = $request->get_headers();
@@ -158 +256 @@
                         return $id;
                 }
 
-                $attachment = get_post( $id );
-
-                /**
-                 * Fires after a single attachment is created or updated via the REST API.
-                 *
-                 * @since 4.7.0
-                 *
-                 * @param WP_Post         $attachment Inserted or updated attachment
-                 *                                    object.
-                 * @param WP_REST_Request $request    The request sent to the API.
-                 * @param bool            $creating   True when creating an attachment, false when updating.
-                 */
-                do_action( 'rest_insert_attachment', $attachment, $request, true );
-
-                // Include admin function to get access to wp_generate_attachment_metadata().
-                require_once ABSPATH . 'wp-admin/includes/media.php';
-
-                wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
-
-                if ( isset( $request['alt_text'] ) ) {
-                        update_post_meta( $id, '_wp_attachment_image_alt', sanitize_text_field( $request['alt_text'] ) );
-                }
+                if ( $request->get_header( 'X-WP-UploadRef' ) ) {
+                        if ( ! wp_attachment_is_image( $id ) ) {
+                                return new WP_Error( 'invalid_upload_ref', __( 'Upload references can only be used for image attachments.' ), array( 'status' => 400 ) );
+                        }
 
-                $fields_update = $this->update_additional_fields_for_object( $attachment, $request );
+                        // Include upload ref functions.
+                        require_once ABSPATH . 'wp-admin/includes/file.php';
+                        $set_ref = _wp_set_upload_ref( $request->get_header( 'X-WP-UploadRef' ), $id );
 
-                if ( is_wp_error( $fields_update ) ) {
-                        return $fields_update;
+                        if ( is_wp_error( $set_ref ) ) {
+                                // TODO: cleanup attachment data.
+                                return $set_ref;
+                        }
                 }
 
-                $request->set_param( 'context', 'edit' );
-
-                /**
-                 * Fires after a single attachment is completely created or updated via the REST API.
-                 *
-                 * @since 5.0.0
-                 *
-                 * @param WP_Post         $attachment Inserted or updated attachment object.
-                 * @param WP_REST_Request $request    Request object.
-                 * @param bool            $creating   True when creating an attachment, false when updating.
-                 */
-                do_action( 'rest_after_insert_attachment', $attachment, $request, true );
-
-                $response = $this->prepare_item_for_response( $attachment, $request );
-                $response = rest_ensure_response( $response );
-                $response->set_status( 201 );
-                $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $id ) ) );
-
-                return $response;
+                return array( $id, $file );
         }
 
         /**