XML-RPC: Return error message if attachment ID is incorrect.

Throw an error for incorrect attachment IDs when requesting a media object to ensure return signature is correct and doesn't include incorrectly typed values within the object. Props zieladam, peterwilsoncc, whyisjake. Merges [49376] to trunk. See #49905. Built from https://develop.svn.wordpress.org/trunk@49385 git-svn-id: http://core.svn.wordpress.org/trunk@49144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-25 22:35:02 +02:00 · 2020-10-29 18:05:06 +00:00 · 2020-10-29 18:05:06 +00:00 · d3ec258f91
commit d3ec258f91
parent 1050613168
2 changed files with 2 additions and 2 deletions
--- a/wp-includes/class-wp-xmlrpc-server.php
+++ b/wp-includes/class-wp-xmlrpc-server.php
@ -4311,7 +4311,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		do_action( 'xmlrpc_call', 'wp.getMediaItem' );

 		$attachment = get_post( $attachment_id );
-		if ( ! $attachment ) {
+		if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
 			return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
 		}

--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.6-beta2-49384';
+$wp_version = '5.6-beta2-49385';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.