From 4a1cc2c3e2a995308c7a1ba6071f30e7be3faffa Mon Sep 17 00:00:00 2001 From: hellofromTonya Date: Fri, 15 Oct 2021 22:58:56 +0000 Subject: [PATCH] FileSystem API: Add safeguard for invalid return from `get_attached_file()` in `wp_delete_attachment()`. The `get_attached_file()` function is supposed to return the path to the file, but could: 1. Return `false` if the file doesn't exist. 2. Return literally anything else, as a filter is being applied to the value on return. As the `clean_dirsize_cache()` now has input validation, passing anything but a non-empty string to `clean_dirsize_cache()` will result in a PHP error notice. This was exposed by the `Tests_Post_GetPostStatus::wpSetUpBeforeClass()` method which started generating unexpected output (the doing it wrong message) during the test run. While this indicates that there is a flaw in the mocking being done in the test suite, debugging that is outside of the scope of the current patch. At the same time, as based on the above point, this ''could'' potentially happen in a real-world situation as well, adding additional conditions to the `if` in the `wp_delete_attachment()` function before calling the `clean_dirsize_cache()` function, is warranted. As there are no tests for the `wp_delete_attachment()` function at all at this time, we're not adding a test specifically for this change for now. This should however be addressed in the future, when tests will be added to cover the `wp_delete_attachment()` function completely. Follow-up to [32619], [49212], [51910]. Props jrf, hellofromTonya. See #52241. Built from https://develop.svn.wordpress.org/trunk@51912 git-svn-id: http://core.svn.wordpress.org/trunk@51505 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/post.php | 2 +- wp-includes/version.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wp-includes/post.php b/wp-includes/post.php index b13942002a..7073328c0d 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -6162,7 +6162,7 @@ function wp_delete_attachment( $post_id, $force_delete = false ) { $backup_sizes = get_post_meta( $post->ID, '_wp_attachment_backup_sizes', true ); $file = get_attached_file( $post_id ); - if ( is_multisite() ) { + if ( is_multisite() && is_string( $file ) && ! empty( $file ) ) { clean_dirsize_cache( $file ); } diff --git a/wp-includes/version.php b/wp-includes/version.php index 7c05884485..7c7da6bdf0 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '5.9-alpha-51911'; +$wp_version = '5.9-alpha-51912'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.