sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

XML-RPC: Return error message if attachment ID is incorrect. 

Throw an error for incorrect attachment IDs when requesting a media object to ensure return signature is correct and doesn't include incorrectly typed values within the object.

Props zieladam, peterwilsoncc, whyisjake.
Merges [49376] to trunk.
See #49905.

git-svn-id: https://develop.svn.wordpress.org/trunk@49385 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jonathan Desrosiers 2020-10-29 18:02:22 +00:00
parent 5bc27786d1
commit a6488f3ffb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/class-wp-xmlrpc-server.php
View File

@ -4311,7 +4311,7 @@ class wp_xmlrpc_server extends IXR_Server {
do_action( 'xmlrpc_call', 'wp.getMediaItem' );
$attachment = get_post( $attachment_id );
if ( ! $attachment ) {
if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
return new IXR_Error( 404, __( 'Invalid attachment ID.' ) );
}