Changeset 57804

Timestamp:

03/11/2024 11:14:26 PM (5 months ago)

Author:

peterwilsoncc

Message:

REST API: Remove unnecessary upload overrides in font face controller.

This removes settings that are the default value or required for side-loading from the WP_REST_Font_Faces_Controller::handle_font_file_upload().

This is to harden the endpoint and future proof against any changes to wp_handle_upload() and related functions/security checks.

Props peterwilsoncc, dd32.
Fixes #60741.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php (modified) (1 diff)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php

@@ -875 +875 @@
         $overrides = array(
             'upload_error_handler' => array( $this, 'handle_font_file_upload_error' ),
-            // Arbitrary string to avoid the is_uploaded_file() check applied
-            // when using 'wp_handle_upload'.
-            'action'               => 'wp_handle_font_upload',
             // Not testing a form submission.
             'test_form'            => false,
-            // Seems mime type for files that are not images cannot be tested.
-            // See wp_check_filetype_and_ext().
-            'test_type'            => true,
             // Only allow uploading font files for this request.
             'mimes'                => WP_Font_Utils::get_allowed_font_mime_types(),
         );
+
+
+
+
+
 
         $uploaded_file = wp_handle_upload( $file, $overrides );