S3-Uploads icon indicating copy to clipboard operation
S3-Uploads copied to clipboard
verified publisher icon humanmade

Fatal error in this function add_s3_signed_params_to_attachment_image_src

Open NurdinDev opened this issue 5 years ago • 4 comments

How to handle this error if some plugin send a string to wp_get_attachment_image_src

example snippet of code could cause an issue:

$img_id = get_post_meta( $id, 'blablabla', true ); // expect no meta field is found that's return '' (empty string) 
$src = wp_get_attachment_image_src( $img_id, 'thumbnail'); // $img_id => ''

And you will see the following error:

Screen Shot 2020-11-22 at 6 02 43 PM

I do not know if my conclusion is correct or not, hope that's help.

Thanks in advance.

NurdinDev avatar Nov 22 '20 15:11 NurdinDev

I can solve my issue if I remove the int type from $post_id in this line https://github.com/humanmade/S3-Uploads/blob/539d0c16d4fb778caeb4fd2b12f5718fb48baea0/inc/class-s3-uploads.php#L486

NurdinDev avatar Nov 22 '20 16:11 NurdinDev

Sure that is in there for type safety, why would a string get passed here?

callistusasir avatar Nov 30 '20 12:11 callistusasir

One example that @NurdinDev provided is if an attachment id is fetched from meta. I believe that strongly typing the $post_id parameter here is dangerous due to the fact that the $attachment_id parameter isn't strongly typed in wp_get_attachment_image_src where the filter is applied and will risk crashing ALOT of sites.

joiglifberg avatar Dec 03 '20 19:12 joiglifberg

Fixed in https://github.com/humanmade/S3-Uploads/pull/474

joehoyle avatar Dec 14 '20 21:12 joehoyle