WordPress.org
Get WordPress

Make WordPress Core

Opened 2 months ago

Last modified 6 weeks ago

#64010 new defect (bug)

wp_die() status code Media component updates (parent ticket: #64009)

Reported by: callumbw95's profile callumbw95 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: trunk
Component: Media Keywords: has-patch dev-feedback
Focuses: Cc:

Description

If you have come here directly, please refer back to the parent ticket here: #64009

This ticket is regarding the wp_die() function calls within the Media component and will cover the following locations:

Filepath Line Number Context Status Code New Code Code Meaning
src/wp-admin/includes/class-file-upload-upgrader.php 57 REQUEST: invalid params 500 400 Bad Request
src/wp-admin/includes/claass-file-upload-upgrader.php 82 UPLOAD: Invalid file 500 422 Unprocessable Content
src/wp-admin/includes/class-file-upload-upgrader.php 91 UPLOAD: Invalid file 500 422 Unprocessable Content
src/wp-admin/includes/class-file-upload-upgrader.php 120 UPLOAD: missing file 500 400 Bad Request
src/wp-admin/includes/class-file-upload-upgrader.php 136 UPLOAD: missing file 500 400 Bad Request
src/wp-admin/async-upload.php 35 User Permissions: does not have access 500 403 Forbidden
src/wp-admin/async-upload.php 43 Error: invalid post type 500 400 Bad Request
src/wp-admin/media-new.php 16 User Permissions: does not have access 500 403 Forbidden
src/wp-admin/upload.php 13 User Permissions: does not have access 500 403 Forbidden
src/wp-admin/upload.php 296 User Permissions: does not have access 500 403 Forbidden
src/wp-admin/upload.php 317 User Permissions: does not have access 500 403 Forbidden
src/wp-admin/upload.php 332 User Permissions: does not have access 500 403 Forbidden

There are however the following function calls I have not touched as I felt they were already valid with their current status code:

Filepath Line Number Status Code
src/wp-admin/includes/class-file-upload-upgrader.php 69 500
src/wp-admin/includes/class-file-upload-upgrader.php 129 500
src/wp-admin/media-new.php 35 500
src/wp-admin/media-upload.php 30 403
src/wp-admin/media-upload.php 37 403
src/wp-admin/media-upload.php 45 403
src/wp-admin/upload.php 300 500
src/wp-admin/upload.php 321 500
src/wp-admin/upload.php 336 500

Please have a look through the suggested changes documented here, and any/all feedback is appreciated. 😃

Change History (4)

This ticket was mentioned in PR #9966 on WordPress/wordpress-develop by @callumbw95.
2 months ago #1

  • Keywords has-patch added

…s related to the media component

Trac ticket: 64010

#2 @rollybueno
7 weeks ago

Test Report

Description

This report validates whether the indicated patch works as expected.

Patch tested: https://github.com/WordPress/wordpress-develop/pull/9966

Environment

  • WordPress: 6.9-alpha-60093-src
  • PHP: 8.2.29
  • Server: nginx/1.29.1
  • Database: mysqli (Server: 8.4.6 / Client: mysqlnd 8.2.29)
  • Browser: Chrome 140.0.0.0
  • OS: Linux
  • Theme: Twenty Twenty-Five 1.3
  • MU Plugins: None activated
  • Plugins:
    • Gutenberg 21.7.0
    • Test Reports 1.2.0

Actual Results

  1. ❎ Issue not resolved with patch when using "browser uploader" method - https://imgur.com/J6luFPO

Tested the following using "browser uploader" method instead of "multi file uploader":

  1. ❎ Invalid file. In this case, I'm using .svg.

Before: https://i.imgur.com/EFKyqt2.png
After: https://i.imgur.com/YJTWB9X.png - still 500

  1. ❎ Missing file. I have to trick the "browser uploader" by removing the disabled attribute of the Upload button as well as the required attribute of the file field.

Before: https://i.imgur.com/9sS7Ny7.png
After: https://i.imgur.com/NwLR6sL.png - still 500

Additional Note

  1. Uploading invalid file through the "multi file uploader" does not trigger wp_die() - https://imgur.com/YJoBxNR
  2. I'm not quite sure how to test permission properly though..
Last edited 7 weeks ago by rollybueno (previous) (diff)

#3 @rollybueno
7 weeks ago

  • Keywords dev-feedback added

Hey @callumbw95 - can you check my report above? I was expecting invalid error to be 422 and missing to be 400 as stated in your description.

#4 @callumbw95
6 weeks ago

Hi @rollybueno,

Apologies for the delayed response on my part. I have now taken a look into your report, and the reason you are still seeing a 500 error here is that media-new.php form submission is handle by the following code on lines 29-40 within the same file:

<?php
if ( $_POST ) {
        if ( isset( $_POST['html-upload'] ) && ! empty( $_FILES ) ) {
                check_admin_referer( 'media-form' );
                // Upload File button was clicked.
                $upload_id = media_handle_upload( 'async-upload', $post_id );
                if ( is_wp_error( $upload_id ) ) {
                        wp_die( $upload_id );
                }
        }
        wp_redirect( admin_url( 'upload.php' ) );
        exit;
}

I have not updated this error status code for src/wp-admin/media-new.php:35 from a 500 error, as there are a variety of error codes that it could be within the media_handle_upload() and _wp_handle_upload() functions.

However this does raise a question around if we could obtain the error code from these functions in some way for use within the wp_die() function? I have done some digging here, and nothing obvious presented itself, so I am not sure how we would best update this instance.

Note: See TracTickets for help on using tickets.