Make WordPress Core


Ignore:
Timestamp:
05/25/2023 03:15:45 PM (17 months ago)
Author:
antpb
Message:

Media: Prevent scaling up of images in the Image Editor.

Previously, when scaling an image larger than the source size in the image edit states the image would silently fail the scaling action. This patch provides an error when someone attempts to scale an image larger than the source size while also disabling the button to initiate the action.

Props brookedot, joedolson, markoheijnen, mikeschroder, desrosj, Mista-Flo, costdev.
Fixes #26381.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/image-edit.php

    r55276 r55859  
    144144            ?>
    145145        </label>
    146         <input type="text" id="imgedit-scale-width-<?php echo $post_id; ?>" onkeyup="imageEdit.scaleChanged(<?php echo $post_id; ?>, 1, this)" onblur="imageEdit.scaleChanged(<?php echo $post_id; ?>, 1, this)" value="<?php echo isset( $meta['width'] ) ? $meta['width'] : 0; ?>" />
     146        <input type="number" aria-describedby="imgedit-scale-warn-<?php echo $post_id; ?>" min="1" max="<?php echo isset( $meta['width'] ) ? $meta['width'] : ''; ?>" step="1" id="imgedit-scale-width-<?php echo $post_id; ?>" onkeyup="imageEdit.scaleChanged(<?php echo $post_id; ?>, 1, this)" onchange="imageEdit.scaleChanged(<?php echo $post_id; ?>, 0, this)" onblur="imageEdit.scaleChanged(<?php echo $post_id; ?>, 1, this)" value="<?php echo isset( $meta['width'] ) ? $meta['width'] : 0; ?>" />
    147147        <span class="imgedit-separator" aria-hidden="true">&times;</span>
    148148        <label for="imgedit-scale-height-<?php echo $post_id; ?>" class="screen-reader-text">
     
    152152            ?>
    153153        </label>
    154         <input type="text" id="imgedit-scale-height-<?php echo $post_id; ?>" onkeyup="imageEdit.scaleChanged(<?php echo $post_id; ?>, 0, this)" onblur="imageEdit.scaleChanged(<?php echo $post_id; ?>, 0, this)" value="<?php echo isset( $meta['height'] ) ? $meta['height'] : 0; ?>" />
    155         <span class="imgedit-scale-warn" id="imgedit-scale-warn-<?php echo $post_id; ?>">!</span>
     154        <input type="number" aria-describedby="imgedit-scale-warn-<?php echo $post_id; ?>" min="1" max="<?php echo isset( $meta['height'] ) ? $meta['height'] : ''; ?>" step="1" id="imgedit-scale-height-<?php echo $post_id; ?>" onkeyup="imageEdit.scaleChanged(<?php echo $post_id; ?>, 0, this)" onchange="imageEdit.scaleChanged(<?php echo $post_id; ?>, 0, this)" onblur="imageEdit.scaleChanged(<?php echo $post_id; ?>, 0, this)" value="<?php echo isset( $meta['height'] ) ? $meta['height'] : 0; ?>" />
    156155        <div class="imgedit-scale-button-wrapper"><input id="imgedit-scale-button" type="button" onclick="imageEdit.action(<?php echo "$post_id, '$nonce'"; ?>, 'scale')" class="button button-primary" value="<?php esc_attr_e( 'Scale' ); ?>" /></div>
    157156        </div>
     157        <span class="imgedit-scale-warn" id="imgedit-scale-warn-<?php echo $post_id; ?>"><span class="dashicons dashicons-warning" aria-hidden="true"></span><?php esc_html_e( 'Images cannot be scaled to a size larger than the original.' ); ?></span>
     158
    158159        </fieldset>
    159160
     
    894895    $scale   = ! empty( $_REQUEST['do'] ) && 'scale' === $_REQUEST['do'];
    895896
    896     if ( $scale && $fwidth > 0 && $fheight > 0 ) {
     897    if ( $scale ) {
    897898        $size = $img->get_size();
    898899        $sX   = $size['width'];
    899900        $sY   = $size['height'];
    900901
    901         // Check if it has roughly the same w / h ratio.
    902         $diff = round( $sX / $sY, 2 ) - round( $fwidth / $fheight, 2 );
    903         if ( -0.1 < $diff && $diff < 0.1 ) {
    904             // Scale the full size image.
    905             if ( $img->resize( $fwidth, $fheight ) ) {
    906                 $scaled = true;
    907             }
    908         }
    909 
    910         if ( ! $scaled ) {
    911             $return->error = esc_js( __( 'Error while saving the scaled image. Please reload the page and try again.' ) );
     902        if ( $sX < $fwidth || $sY < $fheight ) {
     903            $return->error = esc_js( __( 'Images cannot be scaled to a size larger than the original.' ) );
    912904            return $return;
     905        }
     906
     907        if ( $fwidth > 0 && $fheight > 0 ) {
     908            // Check if it has roughly the same w / h ratio.
     909            $diff = round( $sX / $sY, 2 ) - round( $fwidth / $fheight, 2 );
     910            if ( -0.1 < $diff && $diff < 0.1 ) {
     911                // Scale the full size image.
     912                if ( $img->resize( $fwidth, $fheight ) ) {
     913                    $scaled = true;
     914                }
     915            }
     916
     917            if ( ! $scaled ) {
     918                $return->error = esc_js( __( 'Error while saving the scaled image. Please reload the page and try again.' ) );
     919                return $return;
     920            }
    913921        }
    914922    } elseif ( ! empty( $_REQUEST['history'] ) ) {
Note: See TracChangeset for help on using the changeset viewer.