Make WordPress Core


Timestamp:
10/19/2018 06:52:31 PM (6 years ago)
Author:
danielbachhuber
Message:

REST API: Limit the scope of wp-admin files required in WP_REST_Attachments_Controller methods.

Narrow the scope of the included wp-admin files loaded for wp_generate_attachment_metadata(), wp_handle_upload(), wp_tempnam(), and wp_handle_sideload(). Requires only wp-admin/includes/file.php and wp-admin/includes/image.php instead of wp-admin/includes/admin.php.

Props ocean90, lonelyvegan, soulseekah, pratikthink.
Merges [43589], [43604] to the 5.0 branch.
Fixes #43757.

Location:
branches/5.0
Files:
2 edited

  • branches/5.0

  • branches/5.0/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

    r43737 r43773  
    122122        $type    = $file['type'];
    123123        $file    = $file['file'];
     124
     125        // Include image functions to get access to wp_read_image_metadata().
     126        require_once ABSPATH . 'wp-admin/includes/image.php';
    124127
    125128        // use image exif/iptc data for title and caption defaults if possible
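
Review bot: The require_once added at new lines 125-126 gives wp_read_image_metadata() as its reason, but the commit message lists only wp_generate_attachment_metadata(), wp_handle_upload(), wp_tempnam() and wp_handle_sideload(). No include is removed in this hunk, so this is a new explicit dependency for the exif/iptc defaults that follow, and the message should name wp_read_image_metadata() as well. The same file is required again at new line 176; require_once makes that harmless, but if both lines sit in the same method the later one is a repeat and its comment could say so.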
     
    170173        do_action( 'rest_insert_attachment', $attachment, $request, true );
    171174
    172         // Include admin functions to get access to wp_generate_attachment_metadata().
    173         require_once ABSPATH . 'wp-admin/includes/admin.php';
     175        // Include admin function to get access to wp_generate_attachment_metadata().
     176        require_once ABSPATH . 'wp-admin/includes/image.php';
    174177
    175178        wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
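
Review bot: The replacement comment at new line 175 still reads "Include admin function", although new line 176 now loads wp-admin/includes/image.php and not admin.php. Suggest matching the wording used at new line 125, for example "// Include image functions to get access to wp_generate_attachment_metadata()." so the comment describes the file that is actually included.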
     
    558561        $type = array_shift( $headers['content_type'] );
    559562
    560         /** Include admin functions to get access to wp_tempnam() and wp_handle_sideload() */
    561         require_once ABSPATH . 'wp-admin/includes/admin.php';
     563        /** Include admin functions to get access to wp_tempnam() and wp_handle_sideload(). */
     564        require_once ABSPATH . 'wp-admin/includes/file.php';
    562565
    563566        // Save the file.
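
Review bot: The comment at new line 563 keeps the /** ... */ docblock opener for what is an inline comment and still says "admin functions", while new line 564 loads wp-admin/includes/file.php. The comments at new lines 125 and 175 use // for the same purpose; suggest "// Include file functions to get access to wp_tempnam() and wp_handle_sideload()." for consistency within the file.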
     
    758761        }
    759762
    760         /** Include admin functions to get access to wp_handle_upload() */
    761         require_once ABSPATH . 'wp-admin/includes/admin.php';
     763        /** Include admin function to get access to wp_handle_upload(). */
     764        require_once ABSPATH . 'wp-admin/includes/file.php';
    762765
    763766        $file = wp_handle_upload( $files['file'], $overrides );
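
Review bot: With admin.php replaced by file.php at new line 764, this hunk no longer loads the rest of wp-admin/includes/admin.php before wp_handle_upload( $files['file'], $overrides ) runs at new line 766, so a test that drives this upload path through the REST API without the admin includes already loaded would guard against a missing dependency. The comment at new line 763 also uses the singular "admin function" and the docblock opener; "// Include file functions to get access to wp_handle_upload()." would match the include.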