Make WordPress Core

Changeset 57813


Timestamp: 03/12/2024 01:33:26 PM (8 months ago)
Author: audrasjb
Message:

REST API: Remove unnecessary upload overrides in font face controller.

This removes settings that are the default value or required for side-loading from the WP_REST_Font_Faces_Controller::handle_font_file_upload().

This is to harden the endpoint and future proof against any changes to wp_handle_upload() and related functions/security checks.

Reviewed by swissspidy, audrasjb.
Merges [57804] to the 6.5 branch.

Props peterwilsoncc, dd32.
Fixes #60741.

Location: branches/6.5
Files: 2 edited

  • branches/6.5

  • branches/6.5/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php

    r57740 r57813  
    875875        $overrides = array(
    876876            'upload_error_handler' => array( $this, 'handle_font_file_upload_error' ),
    877             // Arbitrary string to avoid the is_uploaded_file() check applied
    878             // when using 'wp_handle_upload'.
    879             'action'               => 'wp_handle_font_upload',
    880877            // Not testing a form submission.
    881878            'test_form'            => false,
    882             // Seems mime type for files that are not images cannot be tested.
    883             // See wp_check_filetype_and_ext().
    884             'test_type'            => true,
    885879            // Only allow uploading font files for this request.
    886880            'mimes'                => WP_Font_Utils::get_allowed_font_mime_types(),
    887881        );
     882
     883        // Bypasses is_uploaded_file() when running unit tests.
     884        if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
     885            $overrides['action'] = 'wp_handle_mock_upload';
     886        }
    888887
    889888        $uploaded_file = wp_handle_upload( $file, $overrides );
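
Review bot: The new branch at r57813 lines 883-886 leaves a bypass of is_uploaded_file() in the production controller, gated only on DIR_TESTDATA being defined and truthy, so whether the check runs on a live site now depends on a constant this file does not own. The comment "Bypasses is_uploaded_file() when running unit tests." should state where DIR_TESTDATA is expected to be defined and that it must never be set outside the test suite, or the mock action should be supplied from the test harness rather than from handle_font_file_upload() itself. Separately, the removed 'action' and 'test_type' entries each carried a comment explaining why they were set; a one-line comment above $overrides noting that both now fall back to the wp_handle_upload() defaults on purpose would keep a later change from reintroducing them.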