From 525d6d2a3498feaee2781fae6af3df9c49fa0692 Mon Sep 17 00:00:00 2001 From: Jb Audras Date: Tue, 11 Oct 2022 15:05:29 +0000 Subject: [PATCH] Networks and Sites: Ensure `fileupload_maxk` is an `int` to avoid potential fatal errors. This changeset fixes a potential fatal error, for example when "Max upload file size" setting is set to an empty value. It also adds unit tests for `upload_size_limit_filter`. Props mjkhajeh, bhrugesh12, SergeyBiryukov, kebbet, audrasjb, felipeelia. Fixes #55926. git-svn-id: https://develop.svn.wordpress.org/trunk@54482 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/formatting.php | 1 + src/wp-includes/ms-functions.php | 8 ++-- tests/phpunit/tests/multisite/network.php | 48 +++++++++++++++++++++++ 3 files changed, 54 insertions(+), 3 deletions(-) diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php index a9a43bda4d..6f34538eef 100644 --- a/src/wp-includes/formatting.php +++ b/src/wp-includes/formatting.php @@ -4771,6 +4771,7 @@ function sanitize_option( $option, $value ) { case 'users_can_register': case 'start_of_week': case 'site_icon': + case 'fileupload_maxk': $value = absint( $value ); break; diff --git a/src/wp-includes/ms-functions.php b/src/wp-includes/ms-functions.php index b48848b45e..d5cc63ebe6 100644 --- a/src/wp-includes/ms-functions.php +++ b/src/wp-includes/ms-functions.php @@ -2615,12 +2615,14 @@ function is_upload_space_available() { * @return int Upload size limit in bytes. */ function upload_size_limit_filter( $size ) { - $fileupload_maxk = KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ); + $fileupload_maxk = (int) get_site_option( 'fileupload_maxk', 1500 ); + $max_fileupload_in_bytes = KB_IN_BYTES * $fileupload_maxk; + if ( get_site_option( 'upload_space_check_disabled' ) ) { - return min( $size, $fileupload_maxk ); + return min( $size, $max_fileupload_in_bytes ); } - return min( $size, $fileupload_maxk, get_upload_space_available() ); + return min( $size, $max_fileupload_in_bytes, get_upload_space_available() ); } /** diff --git a/tests/phpunit/tests/multisite/network.php b/tests/phpunit/tests/multisite/network.php index a2f0dee8d9..3dcbcfb5c5 100644 --- a/tests/phpunit/tests/multisite/network.php +++ b/tests/phpunit/tests/multisite/network.php @@ -395,6 +395,54 @@ if ( is_multisite() ) : $this->assertGreaterThan( 0, $user_count ); } + /** + * Test the default behavior of upload_size_limit_filter. + * If any default option is changed, the function returns the min value between the + * parameter passed and the `fileupload_maxk` site option (1500Kb by default) + * + * @ticket 55926 + */ + public function test_upload_size_limit_filter() { + $return = upload_size_limit_filter( 1499 * KB_IN_BYTES ); + $this->assertSame( 1499 * KB_IN_BYTES, $return ); + $return = upload_size_limit_filter( 1501 * KB_IN_BYTES ); + $this->assertSame( 1500 * KB_IN_BYTES, $return ); + } + + /** + * Test if upload_size_limit_filter behaves as expected when the `fileupload_maxk` is 0 or an empty string. + * + * @ticket 55926 + * @dataProvider data_upload_size_limit_filter_empty_fileupload_maxk + */ + public function test_upload_size_limit_filter_empty_fileupload_maxk( $callable_set_fileupload_maxk ) { + add_filter( 'site_option_fileupload_maxk', $callable_set_fileupload_maxk ); + $return = upload_size_limit_filter( 1500 ); + $this->assertSame( 0, $return ); + } + + /** + * @ticket 55926 + */ + public function data_upload_size_limit_filter_empty_fileupload_maxk() { + return array( + array( '__return_zero' ), + array( '__return_empty_string' ), + ); + } + + /** + * When upload_space_check is enabled, the space allowed is also considered by `upload_size_limit_filter`. + * + * @ticket 55926 + */ + public function test_upload_size_limit_filter_when_upload_space_check_enabled() { + add_filter( 'get_space_allowed', '__return_zero' ); + add_filter( 'site_option_upload_space_check_disabled', '__return_false' ); + $return = upload_size_limit_filter( 100 ); + $this->assertSame( 0, $return ); + } + /** * @ticket 40489 * @dataProvider data_wp_is_large_network