From cb323ada27946afe31b1f2027b2281fc3c11735d Mon Sep 17 00:00:00 2001 From: iandunn Date: Fri, 4 Dec 2020 21:46:06 +0000 Subject: [PATCH] Media: Return `WP_Error` when cropping with bad input to avoid fatal. This avoids an error on PHP 8 caused by calling `wp_imagecreatetruecolor()` with inputs that aren't numeric, or are less than 0. Props hellofromtonya, Boniu91, metalandcoffee, SergeyBiryukov. Reviewed by SergeyBiryukov, iandunn. Merges [49751] to the 5.6 branch. Fixes #51937. Built from https://develop.svn.wordpress.org/branches/5.6@49753 git-svn-id: http://core.svn.wordpress.org/branches/5.6@49476 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-image-editor-gd.php | 10 ++++++++-- wp-includes/media.php | 2 +- wp-includes/version.php | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/wp-includes/class-wp-image-editor-gd.php b/wp-includes/class-wp-image-editor-gd.php index abf03c869b..cbcc880b4d 100644 --- a/wp-includes/class-wp-image-editor-gd.php +++ b/wp-includes/class-wp-image-editor-gd.php @@ -323,7 +323,13 @@ class WP_Image_Editor_GD extends WP_Image_Editor { $dst_h = $src_h; } - $dst = wp_imagecreatetruecolor( $dst_w, $dst_h ); + foreach ( array( $src_w, $src_h, $dst_w, $dst_h ) as $value ) { + if ( ! is_numeric( $value ) || (int) $value <= 0 ) { + return new WP_Error( 'image_crop_error', __( 'Image crop failed.' ), $this->file ); + } + } + + $dst = wp_imagecreatetruecolor( (int) $dst_w, (int) $dst_h ); if ( $src_abs ) { $src_w -= $src_x; @@ -334,7 +340,7 @@ class WP_Image_Editor_GD extends WP_Image_Editor { imageantialias( $dst, true ); } - imagecopyresampled( $dst, $this->image, 0, 0, $src_x, $src_y, $dst_w, $dst_h, $src_w, $src_h ); + imagecopyresampled( $dst, $this->image, 0, 0, (int) $src_x, (int) $src_y, (int) $dst_w, (int) $dst_h, (int) $src_w, (int) $src_h ); if ( is_gd_image( $dst ) ) { imagedestroy( $this->image ); diff --git a/wp-includes/media.php b/wp-includes/media.php index 3d8507ff90..e651dcbccf 100644 
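Review bot: The new guard in crop() tests `$src_w` and `$src_h` before the `if ( $src_abs )` branch at the end of this hunk subtracts the offsets from them, so the sizes that later reach `imagecopyresampled()` can still be zero or negative. `$src_x` and `$src_y` are never checked at all: a non-numeric offset is silently cast to 0 at the call, or hits the `-=` arithmetic first. I would run `is_numeric()` over all six values up front, apply the `$src_abs` adjustment, and only then test the sizes for `<= 0` before allocating. The guard also has no upper bound and `is_numeric()` accepts float and exponent strings, so if crop sizes can originate from request data (not visible here), an explicit maximum would keep one call from requesting an arbitrarily large canvas. The `$src_abs` branch and the rest of crop() continue outside the hunk.

```php
foreach ( array( $src_x, $src_y, $src_w, $src_h, $dst_w, $dst_h ) as $value ) {
	if ( ! is_numeric( $value ) ) {
		return new WP_Error( 'image_crop_error', __( 'Image crop failed.' ), $this->file );
	}
}

// … unchanged: the `if ( $src_abs )` adjustment, moved up to this point …

foreach ( array( $src_w, $src_h, $dst_w, $dst_h ) as $value ) {
	if ( (int) $value <= 0 ) {
		return new WP_Error( 'image_crop_error', __( 'Image crop failed.' ), $this->file );
	}
}

$dst = wp_imagecreatetruecolor( (int) $dst_w, (int) $dst_h );
```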
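Review bot: `$dst` is still passed to `imagecopyresampled()` here, and to `imageantialias()` just above, before the `is_gd_image( $dst )` test that follows, although this same commit documents that `wp_imagecreatetruecolor()` can return false. On PHP 8 the GD functions throw a TypeError when handed false instead of an image, which is the kind of fatal this patch sets out to avoid. A guard placed right after the allocation in the previous hunk would close that path: `if ( ! is_gd_image( $dst ) ) { return new WP_Error( 'image_crop_error', __( 'Image crop failed.' ), $this->file ); }`. The `is_gd_image()` block at the end of this hunk continues outside it.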
--- a/wp-includes/media.php +++ b/wp-includes/media.php @@ -3505,7 +3505,7 @@ function is_gd_image( $image ) { * * @param int $width Image width in pixels. * @param int $height Image height in pixels. - * @return resource|GdImage The GD image resource or GdImage instance. + * @return resource|GdImage|false The GD image resource or GdImage instance on success. False on failure. */ function wp_imagecreatetruecolor( $width, $height ) { $img = imagecreatetruecolor( $width, $height ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 338e860ffa..f5b610fc4d 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.6-RC3-49749'; +$wp_version = '5.6-RC3-49753'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.