Skip to content

Media: Backport client-side-media sideload improvements from WordPress core backports#79603

Draft
adamsilverstein wants to merge 3 commits into
trunkfrom
add/rest-sideload-hardening
Draft

Media: Backport client-side-media sideload improvements from WordPress core backports#79603
adamsilverstein wants to merge 3 commits into
trunkfrom
add/rest-sideload-hardening

Conversation

@adamsilverstein

Copy link
Copy Markdown
Member

What

A combined "reverse-backport" PR: a handful of robustness improvements made to the client-side-media REST endpoints in WordPress core (the wordpress-develop backport PRs) are being brought back into the Gutenberg lib/media/ controller where they still apply. Each improvement lands as its own commit and is checked for current applicability against trunk first (some guards core added have since been covered differently in Gutenberg and are intentionally skipped).

Items

  • Scaled sideload attached-file guards (from wordpress-develop Undo action doesn't update block selection #12002 ↔ this repo's Upload Media: Enable concurrent sideload uploads #75888): in sideload_item()'s scaled branch, return rest_sideload_no_attached_file (404) when get_attached_file() is empty instead of passing a falsy value to wp_basename(), and only repoint the attached file when it changed, returning rest_sideload_update_attached_file_failed (500) if update_attached_file() fails. Core's third guard (re-read + dimension/filesize validation) is not ported — Gutenberg already validates the scaled image up-front in sideload_item() via wp_getimagesize() + validate_image_dimensions().

More items to follow as they are reviewed for applicability.

Testing instructions

Client-side media processing exercises the sideload + finalize REST flow on upload. With the feature enabled, upload a large image (so a -scaled derivative is generated) and confirm the upload still succeeds and the attachment's original_image is recorded. The new branches only short-circuit on failure paths (no attached file / failed repoint) that should not occur in normal operation.

Notes

Draft while the remaining items are curated.

…hed-file operations

Backport the robustness guards from the WordPress core counterpart
(wordpress-develop #12002) into the client-side-media sideload controller:

- Return a 404 `rest_sideload_no_attached_file` error when
  `get_attached_file()` yields no path, instead of passing a falsy value
  to `wp_basename()`.
- Only repoint the attached file when it actually changed, and return a
  500 `rest_sideload_update_attached_file_failed` error if
  `update_attached_file()` fails, so a stale `original_image` is not
  recorded against a half-updated attachment.

The dimension/readability validation core also adds here is already
covered earlier in this method by the up-front `wp_getimagesize()` +
`validate_image_dimensions()` checks, so only the attached-file guards
are ported.
@adamsilverstein adamsilverstein changed the title Media: Backport client-side-media sideload REST hardening from WordPress core Media: Backport client-side-media sideload improvements from WordPress core backports Jun 27, 2026
Port the core #12007 coverage that verifies image_output_format and
image_save_progressive are absent from the REST response for a non-image
attachment (a .woff font), matching the controller's wp_attachment_is_image()
gating.
Backport three guards from Core PR #12003 to keep the client-side
sideload finalize route equivalent to wp-includes:

- Require minLength 1 on the sub_sizes 'file' and 'original_image'
  schema properties so empty strings are rejected at validation time.
- Guard the finalize 'original' branch with isset( $sub_size['file'] )
  so a missing file key cannot write a null original_image into the
  attachment metadata.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant