Opened 7 years ago
Closed 6 years ago
#43255 closed defect (bug) (fixed)
WP_Image_Editor::make_image leaves an output buffer open on failure
Reported by: | gnif | Owned by: | kirasong |
---|---|---|---|
Milestone: | 4.9.9 | Priority: | normal |
Severity: | critical | Version: | 3.5 |
Component: | Media | Keywords: | has-patch fixed-major fixed-5.0 |
Focuses: | Cc: |
Description
WP_Image_Editor::make_image is failing to clean up on failure leaving an output buffer open.
If the call to fopen fails the function returns without calling 'ob_end_clean()'
protected function make_image( $filename, $function, $arguments ) { if ( $stream = wp_is_stream( $filename ) ) { ob_start(); } else { // The directory containing the original file may no longer exist when using a replication plugin. wp_mkdir_p( dirname( $filename ) ); } $result = call_user_func_array( $function, $arguments ); if ( $result && $stream ) { $contents = ob_get_contents(); $fp = fopen( $filename, 'w' ); if ( ! $fp ) { ob_end_clean(); // <-- This is needed return false; } fwrite( $fp, $contents ); fclose( $fp ); } if ( $stream ) { ob_end_clean(); } return $result; }
Attachments (1)
Change History (28)
#1
@
7 years ago
- Keywords needs-patch good-first-bug added
- Milestone changed from Awaiting Review to 4.9.5
#2
@
7 years ago
- Keywords has-patch added; needs-patch removed
- Owner set to dhanendran
- Status changed from new to assigned
#4
@
7 years ago
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened
Reopening for 4.9.5 consideration.
#5
follow-up:
↓ 6
@
7 years ago
The patch committed is incorrect, it is uselessly checking again if $stream
is set when it was already checked on line 406
406 if ( $result && $stream ) { 407 $contents = ob_get_contents();
#6
in reply to:
↑ 5
@
7 years ago
Replying to gnif:
The patch committed is incorrect, it is uselessly checking again if
$stream
is set when it was already checked
Ah, I missed the earlier check. Thanks for catching that!
This ticket was mentioned in Slack in #core-media by mike. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-media by desrosj. View the logs.
7 years ago
#10
@
7 years ago
In the media meeting, we were noticing that this is still open for 4.9.5.
Changing the way output buffering works in a minor release makes me a bit nervous.
What are the potential side effects if folks were working around this behaviour, and it changes?
This ticket was mentioned in Slack in #core-media by mike. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-media by mike. View the logs.
7 years ago
#13
@
7 years ago
- Keywords good-first-bug has-patch fixed-major removed
- Milestone changed from 4.9.5 to 5.0
- Resolution set to fixed
- Status changed from reopened to closed
To have this be a safer change, going to assign to 5.0 and close as fixed.
If this is causing significant platform problems for anyone, or there are arguments in support of safety of shipping this in a minor, please feel free to comment or re-open, and can definitely reconsider.
#14
@
7 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
I have a large client that encountered this bug, it caused the home page content to be replaced with binary image data. I'd say that's a pretty major problem.
It can be triggered by any module that tries to download content from a remote server and fails, in our case it was an image from Flickr (https://farm5.staticflickr.com/4751/39430293454_286b82ba56_b-400x250.jpg) that is no longer valid. Due to this, 200K+ of binary data was dumped into the output of every page on the website.
This could trigger bugs in code that post-processes the output, such as shortcodes, and potentially be leveraged to execute arbitrary code.
#16
@
6 years ago
- Severity changed from normal to critical
Please patch the latest version of Wordpress with this and remove the 5.0 milestone! My client yet again had a down website due to this bug after upgrading wordpress.
#18
@
6 years ago
Given lack of feedback otherwise, and since it's affecting sites, I think it makes sense to go ahead and backport this.
This ticket was mentioned in Slack in #core-media by mike. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-media by joemcgill. View the logs.
6 years ago
#21
@
6 years ago
- Owner changed from dhanendran to mikeschroder
- Status changed from reopened to assigned
@mikeschroder agreed to handle the backport to 4.9.9.
#23
@
6 years ago
- Keywords fixed-major removed
- Milestone changed from 4.9.9 to 5.0
- Resolution fixed deleted
- Status changed from closed to reopened
[43649] can be ported to 5.0. After 5.0, it needs to be reverted from the 4.9 branch (add fixed-major
after the port, and leave the issue open).
#25
@
6 years ago
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened
Reopening for a revert from the 4.9 branch per comment:23.
Hi @dhanendran, thanks for the patch! I'm going to mark this
good-first-bug
as claimed to ensure that you get timely feedback on it :-)If for whatever reason a few days go by without hearing from anyone, I suggest contacting anyone on the the list of maintainers for the Media component.