From ac36170175f192374a880dbc4817bf55df3cd721 Mon Sep 17 00:00:00 2001 From: audrasjb Date: Tue, 11 Oct 2022 15:07:10 +0000 Subject: [PATCH] Networks and Sites: Ensure `fileupload_maxk` is an `int` to avoid potential fatal errors. This changeset fixes a potential fatal error, for example when "Max upload file size" setting is set to an empty value. It also adds unit tests for `upload_size_limit_filter`. Props mjkhajeh, bhrugesh12, SergeyBiryukov, kebbet, audrasjb, felipeelia. Fixes #55926. Built from https://develop.svn.wordpress.org/trunk@54482 git-svn-id: http://core.svn.wordpress.org/trunk@54041 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 1 + wp-includes/ms-functions.php | 8 +++++--- wp-includes/version.php | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index a9a43bda4d1..6f34538eefe 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -4771,6 +4771,7 @@ function sanitize_option( $option, $value ) { case 'users_can_register': case 'start_of_week': case 'site_icon': + case 'fileupload_maxk': $value = absint( $value ); break; diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php index b48848b45eb..d5cc63ebe6d 100644 --- a/wp-includes/ms-functions.php +++ b/wp-includes/ms-functions.php @@ -2615,12 +2615,14 @@ function is_upload_space_available() { * @return int Upload size limit in bytes. */ function upload_size_limit_filter( $size ) { - $fileupload_maxk = KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ); + $fileupload_maxk = (int) get_site_option( 'fileupload_maxk', 1500 ); + $max_fileupload_in_bytes = KB_IN_BYTES * $fileupload_maxk; + if ( get_site_option( 'upload_space_check_disabled' ) ) { - return min( $size, $fileupload_maxk ); + return min( $size, $max_fileupload_in_bytes ); } - return min( $size, $fileupload_maxk, get_upload_space_available() ); + return min( $size, $max_fileupload_in_bytes, get_upload_space_available() ); } /** diff --git a/wp-includes/version.php b/wp-includes/version.php index 55fa82bb299..1aac34caf25 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.1-beta3-54481'; +$wp_version = '6.1-beta3-54482'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.