[wp-trac] [WordPress Trac] #61949: Do not call getimagesize() against non-existent files

WordPress Trac noreply at wordpress.org
Wed Aug 28 17:12:59 UTC 2024


#61949: Do not call getimagesize() against non-existent files
--------------------------+-----------------------------
 Reporter:  slaFFik       |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Media         |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 When you call `wp_get_attachment_image_src()` against an attachment file
 that is not image but that does have the thumbnail attached to it OR when
 you call `wp_getimagesize()` directly - the later generates a PHP warning
 in certain cases because it retrieves image sizes for a file that does not
 exist.

 The problem is indeed that a non-existent file path is passed, but there
 is no way to hijack it easily in certain cases.
 While I'm trying to find a solution how to do all the filtering of
 `wp_mime_type_icon` and `wp_get_attachment_image_src` that I need, but I
 still think that a defensive mechanism can be implemented in WordPress
 itself.

 There is no `is_readable()` check anywhere, it just all falls back to
 `getimagesize( $filename )` with or without silencer (`@`) depending on
 the `WP_DEBUG` state.

 My case is that in `wp_get_attachment_image_src()` from this call:

 {{{#!php
 <?php
 $src = wp_mime_type_icon( $attachment_id, '.svg' );
 }}}


 I return an image URL, which is correct and live. It's also used correctly
 in other areas of WordPress, hence the correct icon URL I filter there.

 But then we have these calls:

 {{{#!php
 <?php
 $icon_dir = apply_filters( 'icon_dir', ABSPATH . WPINC . '/images/media'
 );
 $src_file = $icon_dir . '/' . wp_basename( $src );
 }}}


 As you can see, it drops the path, just uses the file name, and appends it
 to the `wp-includes` path. Obviously, I can't filter the `icon_dir` filter
 as it has zero identifiable bits I can use to hijack the path and preserve
 the data I need.

 And then it calls `wp_getimagesize()` without any filters of the src path
 before calling `getimagesize()`.

 It is possible to introduce new filters, rewrite the logic in
 `wp_get_attachment_image_src()` to fallback correctly, but IMO the easiest
 solution would be to just add `is_readable()` check like this at the top
 of the `wp_getimagesize()` function:


 {{{#!php
 <?php
 // We can't read what doesn't exist.
 if ( ! is_readable( $filename ) ) {
         return false;
 }
 }}}

 All warnings are gone, default failing `false` value preserved.

 All the code and findings are as per WordPress 6.6.1.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61949>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list