
Changeset 18298


Timestamp:
06/13/2011 08:50:16 AM (14 years ago)
Author:
nacin
Message:

Sanity int casts in custom header step_3. props xknown, fixes #17779.

File:
1 edited

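--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -722,13 +722,14 @@
         }
 
-        $original = get_attached_file( $_POST['attachment_id'] );
-
-        $cropped = wp_crop_image($_POST['attachment_id'], $_POST['x1'], $_POST['y1'], $_POST['width'], $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT);
+        $attachment_id = absint( $_POST['attachment_id'] );
+        $original = get_attached_file($attachment_id);
+
+        $cropped = wp_crop_image( $attachment_id, (int) $_POST['x1'], (int) $_POST['y1'], (int) $_POST['width'], (int) $_POST['height'], HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT );
         if ( is_wp_error( $cropped ) )
             wp_die( __( 'Image could not be processed.  Please go back and try again.' ), __( 'Image Processing Error' ) );
 
-        $cropped = apply_filters('wp_create_file_in_uploads', $cropped, $_POST['attachment_id']); // For replication
-
-        $parent = get_post($_POST['attachment_id']);
+        $cropped = apply_filters('wp_create_file_in_uploads', $cropped, $attachment_id); // For replication
+
+        $parent = get_post($attachment_id);
         $parent_url = $parent->guid;
         $url = str_replace(basename($parent_url), basename($cropped), $parent_url);
@@ -736,5 +737,5 @@
         // Construct the object array
         $object = array(
-            'ID' => $_POST['attachment_id'],
+            'ID' => $attachment_id,
             'post_title' => basename($cropped),
             'post_content' => $url,
@@ -746,6 +747,6 @@
         // Update the attachment
         wp_insert_attachment($object, $cropped);
-        wp_update_attachment_metadata( $_POST['attachment_id'], wp_generate_attachment_metadata( $_POST['attachment_id'], $cropped ) );
-        update_post_meta( $_POST['attachment_id'], '_wp_attachment_is_custom_header', get_option('stylesheet' ) );
+        wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $cropped ) );
+        update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', get_option('stylesheet' ) );
 
         set_theme_mod('header_image', $url);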
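Review bot: The integer casts constrain the type of `attachment_id`, but nothing in this section checks that it refers to an existing attachment the current user may modify, and `absint()` turns any non-numeric input into 0; the value then reaches `get_post()`, whose result is dereferenced as `$parent->guid` without a null check, and `wp_insert_attachment()` with `'ID' => $attachment_id`. Unless step_3 already does this above the visible lines (the function starts and ends outside the hunks), a guard right after the cast would close that gap, for example `if ( ! $attachment_id || 'attachment' != get_post_type( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) wp_die( __( 'Image could not be processed.  Please go back and try again.' ), __( 'Image Processing Error' ) );`. The `(int)` casts on `x1`, `y1`, `width` and `height` likewise still admit negative or zero values, so a range check before `wp_crop_image()` would be worth adding if that function does not do one itself.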