Media: Backport client-side-media sideload improvements from WordPress core backports#79603
Draft
adamsilverstein wants to merge 3 commits into
Draft
Media: Backport client-side-media sideload improvements from WordPress core backports#79603adamsilverstein wants to merge 3 commits into
adamsilverstein wants to merge 3 commits into
Conversation
…hed-file operations Backport the robustness guards from the WordPress core counterpart (wordpress-develop #12002) into the client-side-media sideload controller: - Return a 404 `rest_sideload_no_attached_file` error when `get_attached_file()` yields no path, instead of passing a falsy value to `wp_basename()`. - Only repoint the attached file when it actually changed, and return a 500 `rest_sideload_update_attached_file_failed` error if `update_attached_file()` fails, so a stale `original_image` is not recorded against a half-updated attachment. The dimension/readability validation core also adds here is already covered earlier in this method by the up-front `wp_getimagesize()` + `validate_image_dimensions()` checks, so only the attached-file guards are ported.
adamsilverstein
changed the title
Port the core #12007 coverage that verifies image_output_format and image_save_progressive are absent from the REST response for a non-image attachment (a .woff font), matching the controller's wp_attachment_is_image() gating.
Backport three guards from Core PR #12003 to keep the client-side sideload finalize route equivalent to wp-includes: - Require minLength 1 on the sub_sizes 'file' and 'original_image' schema properties so empty strings are rejected at validation time. - Guard the finalize 'original' branch with isset( $sub_size['file'] ) so a missing file key cannot write a null original_image into the attachment metadata.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
A combined "reverse-backport" PR: a handful of robustness improvements made to the client-side-media REST endpoints in WordPress core (the wordpress-develop backport PRs) are being brought back into the Gutenberg
lib/media/controller where they still apply. Each improvement lands as its own commit and is checked for current applicability against trunk first (some guards core added have since been covered differently in Gutenberg and are intentionally skipped).Items
sideload_item()'sscaledbranch, returnrest_sideload_no_attached_file(404) whenget_attached_file()is empty instead of passing a falsy value towp_basename(), and only repoint the attached file when it changed, returningrest_sideload_update_attached_file_failed(500) ifupdate_attached_file()fails. Core's third guard (re-read + dimension/filesize validation) is not ported — Gutenberg already validates the scaled image up-front insideload_item()viawp_getimagesize()+validate_image_dimensions().More items to follow as they are reviewed for applicability.
Testing instructions
Client-side media processing exercises the sideload + finalize REST flow on upload. With the feature enabled, upload a large image (so a
-scaledderivative is generated) and confirm the upload still succeeds and the attachment'soriginal_imageis recorded. The new branches only short-circuit on failure paths (no attached file / failed repoint) that should not occur in normal operation.Notes
Draft while the remaining items are curated.