Changeset 48498
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
r48408 r48498 422 422 $image_meta = wp_get_attachment_metadata( $attachment_id ); 423 423 424 if ( ! $image_meta || ! $image_file ) { 424 if ( 425 ! $image_meta || 426 ! $image_file || 427 ! wp_image_file_matches_image_meta( $request['src'], $image_meta ) 428 ) { 425 429 return new WP_Error( 426 430 'rest_unknown_attachment', … … 1290 1294 'maximum' => 100, 1291 1295 ), 1296 'src' => array( 1297 'description' => __( 'URL to the edited image file.' ), 1298 'type' => 'string', 1299 'format' => 'uri', 1300 'required' => true, 1301 ), 1292 1302 ); 1293 1303 } -
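Review bot: The third operand added to the `if` at new lines 424-428 has no comment saying what `wp_image_file_matches_image_meta( $request['src'], $image_meta )` guards, and a mismatched `src` is reported with the same `rest_unknown_attachment` 404 as missing metadata or a missing file. I would put `// Reject the request when 'src' does not belong to this attachment (original or a sub-size), so the ID and the image the client is editing cannot diverge.` above the condition; the accompanying test that sends a 'medium' URL shows sub-sizes are accepted, which is worth stating because `src` appears to verify the pairing only and presumably does not select the file that gets edited. In the schema hunk `'format' => 'uri'` is declared, yet the test posting `/wp-content/uploads/2020/07/canola.jpg` reaches the 404 branch, so validation evidently accepts a root-relative path and the description could say so. The enclosing method starts and ends outside the hunk.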
trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php
r48464 r48498 1799 1799 */ 1800 1800 public function test_edit_image_returns_error_if_logged_out() { 1801 $attachment = self::factory()->attachment->create ();1801 $attachment = self::factory()->attachment->create_upload_object( $this->test_file ); 1802 1802 1803 1803 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1804 $request->set_body_params( array( 'src' => wp_get_attachment_image_url( $attachment, 'full' ) ) ); 1804 1805 $response = rest_do_request( $request ); 1805 1806 $this->assertErrorResponse( 'rest_cannot_edit_image', $response, 401 ); … … 1814 1815 1815 1816 wp_set_current_user( $user->ID ); 1816 $attachment = self::factory()->attachment->create ( array( 'post_author' => $user->ID ));1817 $attachment = self::factory()->attachment->create_upload_object( $this->test_file ); 1817 1818 1818 1819 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1820 $request->set_body_params( array( 'src' => wp_get_attachment_image_url( $attachment, 'full' ) ) ); 1819 1821 $response = rest_do_request( $request ); 1820 1822 $this->assertErrorResponse( 'rest_cannot_edit_image', $response, 403 ); … … 1826 1828 public function test_edit_image_returns_error_if_cannot_edit() { 1827 1829 wp_set_current_user( self::$uploader_id ); 1828 $attachment = self::factory()->attachment->create ();1830 $attachment = self::factory()->attachment->create_upload_object( $this->test_file ); 1829 1831 1830 1832 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1833 $request->set_body_params( array( 'src' => wp_get_attachment_image_url( $attachment, 'full' ) ) ); 1831 1834 $response = rest_do_request( $request ); 1832 1835 $this->assertErrorResponse( 'rest_cannot_edit', $response, 403 ); … … 1841 1844 1842 1845 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1846 $request->set_body_params( array( 'src' => '/wp-content/uploads/2020/07/canola.jpg' ) ); 1843 1847 $response = 
rest_do_request( $request ); 1844 1848 $this->assertErrorResponse( 'rest_unknown_attachment', $response, 404 ); … … 1859 1863 1860 1864 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1865 $request->set_body_params( array( 'src' => wp_get_attachment_image_url( $attachment, 'full' ) ) ); 1861 1866 $response = rest_do_request( $request ); 1862 1867 $this->assertErrorResponse( 'rest_cannot_edit_file_type', $response, 400 ); … … 1871 1876 1872 1877 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1878 $request->set_body_params( array( 'src' => wp_get_attachment_image_url( $attachment, 'full' ) ) ); 1873 1879 $response = rest_do_request( $request ); 1874 1880 $this->assertErrorResponse( 'rest_image_not_edited', $response, 400 ); … … 1885 1891 WP_Image_Editor_Mock::$edit_return['rotate'] = new WP_Error(); 1886 1892 1893 $params = array( 1894 'rotation' => 60, 1895 'src' => wp_get_attachment_image_url( $attachment, 'full' ), 1896 ); 1897 1887 1898 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1888 $request->set_body_params( array( 'rotation' => 60 ));1899 $request->set_body_params( $params ); 1889 1900 $response = rest_do_request( $request ); 1890 1901 $this->assertErrorResponse( 'rest_image_rotation_failed', $response, 500 ); … … 1916 1927 'width' => 10, 1917 1928 'height' => 5, 1929 'src' => wp_get_attachment_image_url( $attachment, 'full' ), 1930 1918 1931 ) 1919 1932 ); … … 1935 1948 $attachment = self::factory()->attachment->create_upload_object( $this->test_file ); 1936 1949 1950 $params = array( 1951 'rotation' => 60, 1952 'src' => wp_get_attachment_image_url( $attachment, 'full' ), 1953 ); 1954 1937 1955 $request = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment}/edit" ); 1938 $request->set_body_params( array( 'rotation' => 60 ));1956 $request->set_body_params( $params ); 1939 1957 $response = rest_do_request( $request ); 1940 1958 $item = $response->get_data(); … … 
1947 1965 $this->assertEquals( $attachment, $item['media_details']['parent_image']['attachment_id'] ); 1948 1966 $this->assertContains( 'canola', $item['media_details']['parent_image']['file'] ); 1967 } 1968 1969 /** 1970 * @ticket 50565 1971 */ 1972 public function test_edit_image_returns_error_if_mismatched_src() { 1973 wp_set_current_user( self::$superadmin_id ); 1974 $attachment_id_image1 = self::factory()->attachment->create_upload_object( $this->test_file ); 1975 $attachment_id_image2 = self::factory()->attachment->create_upload_object( $this->test_file2 ); 1976 $attachment_id_file = self::factory()->attachment->create(); 1977 1978 // URL to the first uploaded image. 1979 $image_src = wp_get_attachment_image_url( $attachment_id_image1, 'large' ); 1980 1981 // Test: attachment ID points to a different, non-image attachment. 1982 $request_1 = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment_id_file}/edit" ); 1983 $request_1->set_body_params( array( 'src' => $image_src ) ); 1984 1985 $response_1 = rest_do_request( $request_1 ); 1986 $this->assertErrorResponse( 'rest_unknown_attachment', $response_1, 404 ); 1987 1988 // Test: attachment ID points to a different image attachment. 1989 $request_2 = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment_id_image2}/edit" ); 1990 $request_2->set_body_params( array( 'src' => $image_src ) ); 1991 1992 $response_2 = rest_do_request( $request_2 ); 1993 $this->assertErrorResponse( 'rest_unknown_attachment', $response_2, 404 ); 1994 1995 // Test: attachment src points to a sub-size of the image. 1996 $request_3 = new WP_REST_Request( 'POST', "/wp/v2/media/{$attachment_id_image1}/edit" ); 1997 $request_3->set_body_params( array( 'src' => wp_get_attachment_image_url( $attachment_id_image1, 'medium' ) ) ); 1998 1999 $response_3 = rest_do_request( $request_3 ); 2000 // 'rest_image_not_edited' as the file wasn't edited. 2001 $this->assertErrorResponse( 'rest_image_not_edited', $response_3, 400 ); 1949 2002 } 1950 2003 -
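Review bot: `test_edit_image_returns_error_if_mismatched_src` pins three outcomes but leaves the matching rule itself unspecified, because every `src` it sends comes from `wp_get_attachment_image_url()`. Nothing here shows how a URL with the attachment's file name under a different host or upload directory, or one carrying a query string, is treated, and the `src` comparison is the control this changeset adds. I would add one case per variant with the expected error code asserted, introduced by a comment such as `// Test: src has the attachment's file name but a different upload directory.`. The comment on the third case could also be more explicit, e.g. `// Passes the src check because sub-sizes match; the request then fails with 'rest_image_not_edited'.`, assuming that error is raised because no edit parameters were sent.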
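--- a/trunk/tests/qunit/fixtures/wp-api-generated.js
+++ b/trunk/tests/qunit/fixtures/wp-api-generated.js
@@ -2378,4 +2378,9 @@
 "description": "As a percentage of the image, the height to crop the image to.",
 "type": "number"
+},
+"src": {
+"required": true,
+"description": "URL to the edited image file.",
+"type": "string"
 }
 }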