From 5b025834f9d979f36f942aeda2c28ff97695e66f Mon Sep 17 00:00:00 2001 From: Mike Schroder Date: Mon, 7 Dec 2015 20:07:37 +0000 Subject: [PATCH] Media: Don't generate responsive image attributes if `src` does not match ID in `wp-image-` class. We rely on the `wp-image-` class to quickly find an attachment ID to add responsive image attributes. To avoid incorrect images being displayed, do not add these attributes if the `src` does not match the meta from the attachment ID in the class. Props azaozz, kovshenin, joemcgill. Fixes: #34898. git-svn-id: https://develop.svn.wordpress.org/trunk@35820 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/media.php | 22 ++++++++++++++++++++++ tests/phpunit/tests/media.php | 20 ++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/src/wp-includes/media.php b/src/wp-includes/media.php index 3713beabf9..89b88df7b4 100644 --- a/src/wp-includes/media.php +++ b/src/wp-includes/media.php @@ -1278,6 +1278,28 @@ function wp_image_add_srcset_and_sizes( $image, $image_meta, $attachment_id ) { return $image; } + $base_url = trailingslashit( _wp_upload_dir_baseurl() ); + $image_base_url = $base_url; + + $dirname = dirname( $image_meta['file'] ); + if ( $dirname !== '.' ) { + $image_base_url .= trailingslashit( $dirname ); + } + + $all_sizes = wp_list_pluck( $image_meta['sizes'], 'file' ); + + foreach ( $all_sizes as $key => $file ) { + $all_sizes[ $key ] = $image_base_url . $file; + } + + // Add the original image. + $all_sizes[] = $base_url . $image_meta['file']; + + // Bail early if the image src doesn't match any of the known image sizes. + if ( ! in_array( $image_src, $all_sizes ) ) { + return $image; + } + $width = preg_match( '/ width="([0-9]+)"/', $image, $match_width ) ? (int) $match_width[1] : 0; $height = preg_match( '/ height="([0-9]+)"/', $image, $match_height ) ? (int) $match_height[1] : 0; diff --git a/tests/phpunit/tests/media.php b/tests/phpunit/tests/media.php index 55a53a1eb4..3da75a014d 100644 --- a/tests/phpunit/tests/media.php +++ b/tests/phpunit/tests/media.php @@ -1058,6 +1058,26 @@ EOF; $this->assertSame( $content_filtered, wp_make_content_images_responsive( $content_unfiltered ) ); } + /** + * When rendering attributes for responsive images, + * we rely on the 'wp-image-*' class to find the image by ID. + * The class name may not be consistent with attachment IDs in DB when + * working with imported content or when a user has edited + * the 'src' attribute manually. To avoid incorrect images + * being displayed, ensure we don't add attributes in this case. + * + * @ticket 34898 + * @ticket 33641 + */ + function test_wp_make_content_images_responsive_wrong() { + $image = get_image_tag( self::$large_id, '', '', '', 'medium' ); + + // Replace the src URL + $image_wrong_src = preg_replace( '|src="[^"]+"|', 'src="http://' . WP_TESTS_DOMAIN . '/wp-content/uploads/foo.jpg"', $image ); + + $this->assertSame( $image_wrong_src, wp_make_content_images_responsive( $image_wrong_src ) ); + } + /** * @ticket 33641 */