From d58bcae1ad7f87a047a1e91075ee2741e4aa9b38 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Fri, 9 Oct 2015 04:46:00 +0000
Subject: [PATCH] Media: Return early from `media_sideload_image()` if `$file` didn't match the pattern for images.
Props MikeHansenMe, serpent7776.
Fixes #32755.
git-svn-id: https://develop.svn.wordpress.org/trunk@34984 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/media.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/wp-admin/includes/media.php b/src/wp-admin/includes/media.php
index c1f7f5f36e..904cbb0ebb 100644
--- a/src/wp-admin/includes/media.php
+++ b/src/wp-admin/includes/media.php
@@ -847,6 +847,10 @@ function media_sideload_image( $file, $post_id, $desc = null, $return = 'html' )
 // Set variables for storage, fix file filename for query strings.
 preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $file, $matches );
+ if ( ! $matches ) {
+ return new WP_Error( 'image_sideload_failed', __( 'Invalid image URL' ) );
+ }
+
 $file_array = array();
 $file_array['name'] = basename( $matches[0] );
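Review bot: The new `if ( ! $matches )` guard is only as strict as the pattern on the line above it, and that pattern has no `^` anchor and ends in `\b` rather than at the end of the path. The match can therefore begin after a `?`, or stop before a further suffix, so the guard rejects only input that contains no image extension anywhere. `$file_array['name']` is then taken from the matched fragment, not from the URL's path. I would anchor the pattern, `preg_match( '/^[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $file, $matches );`, and add a comment above the guard such as `// Checks the URL's shape only; the downloaded file's type must still be verified before it is stored.` The rest of media_sideload_image() is outside this hunk, so whether a later step verifies the downloaded content cannot be confirmed from here.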