WordPress.org

Make WordPress Core

Changeset 43589


Timestamp: 08/29/2018 03:22:14 AM (23 months ago)
Author: rachelbaker
Message:

REST API: Limit the scope of wp-admin files required in WP_REST_Attachments_Controller methods.

Narrow the scope of the included wp-admin files loaded for wp_generate_attachment_metadata(), wp_handle_upload(), wp_tempnam(), and wp_handle_sideload(). Requires only wp-admin/includes/file.php and wp-admin/includes/image.php instead of wp-admin/includes/admin.php.

Props lonelyvegan, soulseekah, pratikthink.
Fixes #43757.

File: 1 edited

  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

    r43529 r43589  
    170170        do_action( 'rest_insert_attachment', $attachment, $request, true );
    171171
    172         // Include admin functions to get access to wp_generate_attachment_metadata().
    173         require_once ABSPATH . 'wp-admin/includes/admin.php';
     172        // Include admin function to get access to wp_generate_attachment_metadata().
     173        require_once ABSPATH . 'wp-admin/includes/image.php';
    174174
    175175        wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
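
Review bot: At new line 173, replacing admin.php with image.php alone assumes wp_generate_attachment_metadata() needs nothing defined outside that one file. admin.php loaded the broader set of admin includes, so any helper this function calls from another wp-admin/includes file would now be undefined when the method runs in a REST request. Trace the function's calls for each attachment type it handles and add a REST upload test per type that runs without the admin bootstrap; if a second file turns out to be needed, require it here and name it in the comment.
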
     
    537537        $type = array_shift( $headers['content_type'] );
    538538
    539         /** Include admin functions to get access to wp_tempnam() and wp_handle_sideload() */
    540         require_once ABSPATH . 'wp-admin/includes/admin.php';
     539        /** Include admin functions to get access to wp_tempnam() and wp_handle_sideload(). */
     540        require_once ABSPATH . 'wp-admin/includes/file.php';
    541541
    542542        // Save the file.
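
Review bot: The require at new line 540 is repeated verbatim at new line 740, each with its own comment listing the functions it is there for. Two copies will drift as these methods change; consider one small private helper that loads wp-admin/includes/file.php and documents wp_tempnam(), wp_handle_sideload() and wp_handle_upload() in a single place, called from both methods.
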
     
    737737        }
    738738
    739         /** Include admin functions to get access to wp_handle_upload() */
    740         require_once ABSPATH . 'wp-admin/includes/admin.php';
     739        /** Include admin function to get access to wp_handle_upload(). */
     740        require_once ABSPATH . 'wp-admin/includes/file.php';
    741741
    742742        $file = wp_handle_upload( $files['file'], $overrides );
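
Review bot: Comment style is inconsistent across the three edited sites: new line 739 uses a `/** ... */` block, new line 539 uses the same block form, and new line 172 uses `//` for the same kind of require comment. Since all three comments are being rewritten in this patch anyway, settle on one form so the next edit to these requires does not have to guess which is intended.
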