From cb323ada27946afe31b1f2027b2281fc3c11735d Mon Sep 17 00:00:00 2001
From: iandunn <iandunn@git.wordpress.org>
Date: Fri, 4 Dec 2020 21:46:06 +0000
Subject: [PATCH] Media: Return `WP_Error` when cropping with bad input to
 avoid fatal.

This avoids an error on PHP 8 caused by calling `wp_imagecreatetruecolor()` with inputs that aren't numeric, or are less than 0.

Props hellofromtonya, Boniu91, metalandcoffee, SergeyBiryukov.
Reviewed by SergeyBiryukov, iandunn.
Merges [49751] to the 5.6 branch.
Fixes #51937.

Built from https://develop.svn.wordpress.org/branches/5.6@49753


git-svn-id: http://core.svn.wordpress.org/branches/5.6@49476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-image-editor-gd.php | 10 ++++++++--
 wp-includes/media.php                    |  2 +-
 wp-includes/version.php                  |  2 +-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/wp-includes/class-wp-image-editor-gd.php b/wp-includes/class-wp-image-editor-gd.php
index abf03c869b..cbcc880b4d 100644
--- a/wp-includes/class-wp-image-editor-gd.php
+++ b/wp-includes/class-wp-image-editor-gd.php
@@ -323,7 +323,13 @@ class WP_Image_Editor_GD extends WP_Image_Editor {
 			$dst_h = $src_h;
 		}
 
-		$dst = wp_imagecreatetruecolor( $dst_w, $dst_h );
+		foreach ( array( $src_w, $src_h, $dst_w, $dst_h ) as $value ) {
+			if ( ! is_numeric( $value ) || (int) $value <= 0 ) {
+				return new WP_Error( 'image_crop_error', __( 'Image crop failed.' ), $this->file );
+			}
+		}
+
+		$dst = wp_imagecreatetruecolor( (int) $dst_w, (int) $dst_h );
 
 		if ( $src_abs ) {
 			$src_w -= $src_x;
@@ -334,7 +340,7 @@ class WP_Image_Editor_GD extends WP_Image_Editor {
 			imageantialias( $dst, true );
 		}
 
-		imagecopyresampled( $dst, $this->image, 0, 0, $src_x, $src_y, $dst_w, $dst_h, $src_w, $src_h );
+		imagecopyresampled( $dst, $this->image, 0, 0, (int) $src_x, (int) $src_y, (int) $dst_w, (int) $dst_h, (int) $src_w, (int) $src_h );
 
 		if ( is_gd_image( $dst ) ) {
 			imagedestroy( $this->image );
diff --git a/wp-includes/media.php b/wp-includes/media.php
index 3d8507ff90..e651dcbccf 100644
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -3505,7 +3505,7 @@ function is_gd_image( $image ) {
  *
  * @param int $width  Image width in pixels.
  * @param int $height Image height in pixels.
- * @return resource|GdImage The GD image resource or GdImage instance.
+ * @return resource|GdImage|false The GD image resource or GdImage instance on success. False on failure.
  */
 function wp_imagecreatetruecolor( $width, $height ) {
 	$img = imagecreatetruecolor( $width, $height );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 338e860ffa..f5b610fc4d 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.6-RC3-49749';
+$wp_version = '5.6-RC3-49753';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.