WordPress.org

Make WordPress Core

Opened 7 weeks ago

Last modified 4 weeks ago

#42064 new defect (bug)

wp_crop_image() does not work when fopen() is disabled

Reported by: jadonn Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9
Component: General Keywords:
Focuses: Cc:

Description

While running the WordPress PHP Unit testing framework, a single test for wp_crop_image() failed consistently. After @danielbachhuber debugged the test, he found that wp_crop_image() was failing because it depended on _load_image_to_edit_path, which he said is dependent on fopen(). WordPress is supposed to function when fopen() is disabled. wp_crop_image's dependency on fopen is incorrect.

To reproduce the issue:
Disable allow_url_fopen in PHP
Setup the PHPUnit Test Runner (https://github.com/WordPress/phpunit-test-runner)
Run the PHPUnit Test Runner.

The test runner should report the following failed test:
Tests_Image_Functions::test_wp_crop_image_url Failed asserting that WP_Error Object (...) is not an instance of class "WP_Error". /../../../phpunit-test-runner/wp-test-runner/tests/phpunit/tests/image/functions.php:317

The WP_Error object reports the following:
Fobject(WP_Error)#9993 (2) {

errors?=>
array(1) {

invalid_image?=>
array(1) {

[0]=>
string(21) "File is not an image."

}

}
error_data?=>
array(1) {

invalid_image?=>
string(60) "https://asdftestblog1.files.wordpress.com/2008/04/canola.jpg"

}

}

The image is a valid image otherwise, such as when viewed through the browser. The test fails on PHP 5.6, PHP 7.0, and PHP 7.1 when fopen is disabled.

Change History (3)

This ticket was mentioned in Slack in #hosting-community by mike. View the logs.


6 weeks ago

#2 @danielbachhuber
5 weeks ago

Related: https://core.trac.wordpress.org/ticket/37681#comment:1

It appears to be hit if you're editing an image which was uploaded pre-2.7 and/or if the file metadata has gone missing. In that case, the image editors will treat the image URL as the source image through the filesystem wrappers, bypassing wp_remote_get(), which is why the fopen and allow_url_fopen are there.

Originally committed in r20384

I see a couple of options:

  1. Use download_url() to download a copy of the image to /tmp, and permit image modifications from that.
    • Advantage: Greater cross-platform compatibility for this feature.
    • Disadvantage: Web server has a potentially duplicate copy of the image on the filesystem (which is likely inconsequential).
  2. Mark Tests_Image_Functions::test_wp_crop_image_url as skipped when fopen isn't available or allow_url_fopen is false.
    • Advantage: Least risky approach.
    • Disadvantage: Adds yet another skipped test to the test suite.

This ticket was mentioned in Slack in #hosting-community by mike. View the logs.


4 weeks ago

Note: See TracTickets for help on using tickets.