WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/16/2020 09:54:37 PM (3 months ago)
Author:
azaozz
Message:

REST API: Prevent attachment ID/image source mismatch when editing an image.

Fixes #50565.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php

    r48408 r48498  
    422422        $image_meta = wp_get_attachment_metadata( $attachment_id );
    423423
    424         if ( ! $image_meta || ! $image_file ) {
     424        if (
     425            ! $image_meta ||
     426            ! $image_file ||
     427            ! wp_image_file_matches_image_meta( $request['src'], $image_meta )
     428        ) {
    425429            return new WP_Error(
    426430                'rest_unknown_attachment',
     
    12901294                'maximum'     => 100,
    12911295            ),
     1296            'src'      => array(
     1297                'description' => __( 'URL to the edited image file.' ),
     1298                'type'        => 'string',
     1299                'format'      => 'uri',
     1300                'required'    => true,
     1301            ),
    12921302        );
    12931303    }
Note: See TracChangeset for help on using the changeset viewer.