REST API: Remove unnecessary upload overrides in font face controller.

This removes settings that are the default value or required for side-loading from the `WP_REST_Font_Faces_Controller::handle_font_file_upload()`.

This is to harden the endpoint and future proof against any changes to `wp_handle_upload()` and related functions/security checks.

Reviewed by swissspidy, audrasjb.
Merges [57804] to the to the 6.5 branch.

Props peterwilsoncc, dd32.
Fixes #60741.




Built from https://develop.svn.wordpress.org/branches/6.5@57813


git-svn-id: http://core.svn.wordpress.org/branches/6.5@57314 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php

@@ -874,18 +874,17 @@ class WP_REST_Font_Faces_Controller extends WP_REST_Posts_Controller {
 
 		$overrides = array(
 			'upload_error_handler' => array( $this, 'handle_font_file_upload_error' ),
-			// Arbitrary string to avoid the is_uploaded_file() check applied
-			// when using 'wp_handle_upload'.
-			'action'               => 'wp_handle_font_upload',
 			// Not testing a form submission.
 			'test_form'            => false,
-			// Seems mime type for files that are not images cannot be tested.
-			// See wp_check_filetype_and_ext().
-			'test_type'            => true,
 			// Only allow uploading font files for this request.
 			'mimes'                => WP_Font_Utils::get_allowed_font_mime_types(),
 		);
 
+		// Bypasses is_uploaded_file() when running unit tests.
+		if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
+			$overrides['action'] = 'wp_handle_mock_upload';
+		}
+
 		$uploaded_file = wp_handle_upload( $file, $overrides );
 
 		remove_filter( 'upload_dir', $set_upload_dir );

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.5-RC1-57812';
+$wp_version = '6.5-RC1-57813';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.