Networks and Sites: Ensure fileupload_maxk is an int to avoid pot…

…ential fatal errors. This changeset fixes a potential fatal error, for example when "Max upload file size" setting is set to an empty value. It also adds unit tests for `upload_size_limit_filter`. Props mjkhajeh, bhrugesh12, SergeyBiryukov, kebbet, audrasjb, felipeelia. Fixes #55926. Built from https://develop.svn.wordpress.org/trunk@54482 git-svn-id: http://core.svn.wordpress.org/trunk@54041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith · Oct 11, 2022 · ac36170 · ac36170
1 parent 82d2620
commit ac36170
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
@@ -4771,6 +4771,7 @@ function sanitize_option( $option, $value ) {
 		case 'users_can_register':
 		case 'start_of_week':
 		case 'site_icon':
+		case 'fileupload_maxk':
 			$value = absint( $value );
 			break;
 

diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
@@ -2615,12 +2615,14 @@ function is_upload_space_available() {
  * @return int Upload size limit in bytes.
  */
 function upload_size_limit_filter( $size ) {
-	$fileupload_maxk = KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 );
+	$fileupload_maxk         = (int) get_site_option( 'fileupload_maxk', 1500 );
+	$max_fileupload_in_bytes = KB_IN_BYTES * $fileupload_maxk;
+
 	if ( get_site_option( 'upload_space_check_disabled' ) ) {
-		return min( $size, $fileupload_maxk );
+		return min( $size, $max_fileupload_in_bytes );
 	}
 
-	return min( $size, $fileupload_maxk, get_upload_space_available() );
+	return min( $size, $max_fileupload_in_bytes, get_upload_space_available() );
 }
 
 /**

diff --git a/wp-includes/version.php b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.1-beta3-54481';
+$wp_version = '6.1-beta3-54482';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.