[wp-trac] [WordPress Trac] #48458: Regression: Auto-rotated or scaled image upload can overwrite previously uploaded image

WordPress Trac noreply at wordpress.org
Tue Oct 29 14:07:19 UTC 2019 

#48458: Regression: Auto-rotated or scaled image upload can overwrite previously
uploaded image
--------------------------+-----------------------------
 Reporter:  ianmjones     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Media         |    Version:
 Severity:  major         |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 It's very easy to upload an image that uses the new auto rotation that
 overwrites the original file of a previously uploaded image.

 Steps to reproduce...

 1. Upload a "normal" image with name `image-rotated.jpg`

 This creates files such as...

 2019/10/image-rotated.jpg ''<- base file (full)''
 2019/10/image-rotated-150x150.jpg ''<-thumbnail''

 2. Upload an image originally sourced from an iPhone that is named
 `image.jpg` and that will be auto-rotated.

 This creates files such as...

 2019/10/image-rotated.jpg ''<- base file (full)''
 2019/10/image-rotated-150x150.jpg ''<-thumbnail''
 2019/10/image.jpg ''<- original_image''

 That second auto-rotated `2019/10/image-rotated.jpg` file has overwritten
 the original file from step (1).

 Both Media Library items now point to the same `2019/10/image-rotated.jpg`
 file in their `_wp_attached_file` and `_wp_attahcment_metadata` postmeta
 records.

 This means image (1) is effectively lost and thumbnail regeneration is
 going to use the image from step (2).

 Repeat with `another-image-scaled-2560.png` that is already scaled to the
 2560 threshold (2560x1440), followed by `another-image.png` that will be
 rescaled from 5120x2880.

 The `2019/10/another-image-scaled-2560.png` file from step (1) will be
 overwritten by the auto-scaled file from step (2).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48458>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list