From b5935a2ab77d0de21ef29fe2183adeed5c565c35 Mon Sep 17 00:00:00 2001 From: Joseph Scott Date: Thu, 16 Nov 2023 02:38:06 -0700 Subject: [PATCH] Check for image before calling imagecreatefromstring() The current code can run into a few conditions where the end result is that `imagecreatefromstring()` is called on something that isn't actually an image. I found two conditions where that happens. The first is where we end up with a NULL value at the end. The second is where a remote image is requested, but what you get back is something else ( like the HTML for an error page ). This update adds checks to defend against both of those possible error conditions.
---
 projects/plugins/jetpack/_inc/lib/tonesque.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/projects/plugins/jetpack/_inc/lib/tonesque.php b/projects/plugins/jetpack/_inc/lib/tonesque.php
index 1c974b20a8522..b674c260aa24d 100644
--- a/projects/plugins/jetpack/_inc/lib/tonesque.php
+++ b/projects/plugins/jetpack/_inc/lib/tonesque.php
@@ -86,7 +86,10 @@ public static function imagecreatefromurl( $image_url ) {
 if ( empty( $data ) ) {
 $response = wp_safe_remote_get( $image_url );
- if ( is_wp_error( $response ) ) {
+ if (
+ is_wp_error( $response )
+ || ! wp_startswith( $response['headers']['content-type'], 'image/' )
+ ) {
 return false;
 }
 $data = wp_remote_retrieve_body( $response );
@@ -103,6 +106,10 @@ public static function imagecreatefromurl( $image_url ) {
 }
 }
+ if ( null === $data ) {
+ return false;
+ }
+
 // Now turn it into an image and return it.
 return imagecreatefromstring( $data );
 }
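Review bot: The new condition indexes `$response['headers']['content-type']` directly, so a response with no Content-Type header passes null to `wp_startswith()`, and I believe a repeated header can surface as an array; either case is controlled by the remote server and should be rejected without a type warning or error. Reading the value through the accessor and checking its type first would cover both, e.g. `$type = wp_remote_retrieve_header( $response, 'content-type' );` and then `|| ! is_string( $type ) || 0 !== stripos( $type, 'image/' )`, which also makes the prefix match case-insensitive as media types are. Because the header is supplied by the server being fetched, this check only filters obvious non-images such as error pages; a short comment saying that `imagecreatefromstring()` remains the real validation would keep later readers from treating it as a trust decision. `imagecreatefromurl()` begins before this hunk and continues after it.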
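Review bot: The added guard tests only `null === $data`, but the value reaching `imagecreatefromstring()` can also be an empty string, since `wp_remote_retrieve_body()` returns `''` when there is no body, and possibly `false` if a file read in the branch above (not fully visible here) fails. Using the same test the function already applies earlier would cover those cases: `if ( empty( $data ) ) { return false; }`. `imagecreatefromstring()` still returns `false` with a warning for bytes that are not a recognised image, so a docblock line stating that the method returns `false` on any fetch or decode failure would tell callers they must check the result. The function starts outside this hunk.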