XML-RPC: Return error message if attachment ID is incorrect.

Throw an error for incorrect attachment IDs when requesting a media object to ensure return signature is correct and doesn't include incorrectly typed values within the object. Props zieladam, peterwilsoncc, whyisjake. Merges [49376] to trunk. See #49905. git-svn-id: https://develop.svn.wordpress.org/trunk@49385 602fd350-edb4-49c9-b593-d223f7449a82
2020-10-29 18:02:22 +00:00 · 2020-10-29 18:02:22 +00:00 · a6488f3ffb
commit a6488f3ffb
parent 5bc27786d1
1 changed files with 1 additions and 1 deletions
--- a/src/wp-includes/class-wp-xmlrpc-server.php
+++ b/src/wp-includes/class-wp-xmlrpc-server.php
@ -4311,7 +4311,7 @@ class wp_xmlrpc_server extends IXR_Server {
 		do_action( 'xmlrpc_call', 'wp.getMediaItem' );

 		$attachment = get_post( $attachment_id );
-		if ( ! $attachment ) {
+		if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
 			return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
 		}