From 2d728713ac372da8b461dc4c15b83d66bd8be872 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Thu, 16 Jul 2020 21:56:08 +0000
Subject: [PATCH] REST API: Prevent attachment ID/image source mismatch when editing an image.
Fixes #50565.
Built from https://develop.svn.wordpress.org/trunk@48498
git-svn-id: http://core.svn.wordpress.org/trunk@48260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../class-wp-rest-attachments-controller.php | 12 +++++++++++-
 wp-includes/version.php | 2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
index e74ce6821f..8c4a87a646 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@@ -421,7 +421,11 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 $image_file = wp_get_original_image_path( $attachment_id );
 $image_meta = wp_get_attachment_metadata( $attachment_id );
- if ( ! $image_meta || ! $image_file ) {
+ if (
+ ! $image_meta ||
+ ! $image_file ||
+ ! wp_image_file_matches_image_meta( $request['src'], $image_meta )
+ ) {
 return new WP_Error(
 'rest_unknown_attachment',
 __( 'Unable to get meta information for file.' ),
@@ -1289,6 +1293,12 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 'minimum' => 0,
 'maximum' => 100,
 ),
+ 'src' => array(
+ 'description' => __( 'URL to the edited image file.' ),
+ 'type' => 'string',
+ 'format' => 'uri',
+ 'required' => true,
+ ),
 );
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 416fa8f053..a6845db4b0 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
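Review bot: A `src` that does not match the attachment's metadata falls into the same branch as missing metadata in the first hunk, so the client receives `rest_unknown_attachment` with 'Unable to get meta information for file.' and cannot tell a stale or mismatched image URL from a broken attachment. A separate check placed after the existing one, returning its own error code and message, would make the rejection diagnosable in clients and in logs. It is also worth passing the ID through, `! wp_image_file_matches_image_meta( $request['src'], $image_meta, $attachment_id )`, since the helper accepts an optional attachment ID; as far as I know it forwards it to its filter, so confirm against the helper's signature. The enclosing method starts and ends outside this hunk, so the status code attached to this error is not visible here.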
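Review bot: The description `'URL to the edited image file.'` on the new `src` argument in the second hunk does not say which image is meant or that the value is checked, so API consumers may read it as the URL of the edit result. Since the first hunk rejects the request when `src` does not match the attachment's metadata, wording such as `__( 'URL of the image being edited; it must match a file recorded for this attachment.' )` would state the contract. Marking the argument `'required' => true` also changes the contract for any client already calling this route without `src`, which deserves a line in the commit message. The enclosing array and method begin outside this hunk.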
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.5-beta2-48497';
+$wp_version = '5.5-beta2-48498';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.