Networks and Sites: Ensure fileupload_maxk is an int to avoid potential fatal errors.

This changeset fixes a potential fatal error, for example when "Max upload file size" setting is set to an empty value. It also adds unit tests for `upload_size_limit_filter`. Props mjkhajeh, bhrugesh12, SergeyBiryukov, kebbet, audrasjb, felipeelia. Fixes #55926. git-svn-id: https://develop.svn.wordpress.org/trunk@54482 602fd350-edb4-49c9-b593-d223f7449a82
2025-02-07 08:04:27 +01:00 · 2022-10-11 15:05:29 +00:00 · 2022-10-11 15:05:29 +00:00 · 525d6d2a34
commit 525d6d2a34
parent e2c6f8c82a
3 changed files with 54 additions and 3 deletions
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@ -4771,6 +4771,7 @@ function sanitize_option( $option, $value ) {
 		case 'users_can_register':
 		case 'start_of_week':
 		case 'site_icon':
+		case 'fileupload_maxk':
 			$value = absint( $value );
 			break;

--- a/src/wp-includes/ms-functions.php
+++ b/src/wp-includes/ms-functions.php
@ -2615,12 +2615,14 @@ function is_upload_space_available() {
 * @return int Upload size limit in bytes.
 */
 function upload_size_limit_filter( $size ) {
-	$fileupload_maxk = KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 );
+	$fileupload_maxk         = (int) get_site_option( 'fileupload_maxk', 1500 );
+	$max_fileupload_in_bytes = KB_IN_BYTES * $fileupload_maxk;
+
 	if ( get_site_option( 'upload_space_check_disabled' ) ) {
-		return min( $size, $fileupload_maxk );
+		return min( $size, $max_fileupload_in_bytes );
 	}

-	return min( $size, $fileupload_maxk, get_upload_space_available() );
+	return min( $size, $max_fileupload_in_bytes, get_upload_space_available() );
 }

 /**
--- a/tests/phpunit/tests/multisite/network.php
+++ b/tests/phpunit/tests/multisite/network.php
@ -395,6 +395,54 @@ if ( is_multisite() ) :
 			$this->assertGreaterThan( 0, $user_count );
 		}

+		/**
+		 * Test the default behavior of upload_size_limit_filter.
+		 * If any default option is changed, the function returns the min value between the
+		 * parameter passed and the `fileupload_maxk` site option (1500Kb by default)
+		 *
+		 * @ticket 55926
+		 */
+		public function test_upload_size_limit_filter() {
+			$return = upload_size_limit_filter( 1499 * KB_IN_BYTES );
+			$this->assertSame( 1499 * KB_IN_BYTES, $return );
+			$return = upload_size_limit_filter( 1501 * KB_IN_BYTES );
+			$this->assertSame( 1500 * KB_IN_BYTES, $return );
+		}
+
+		/**
+		 * Test if upload_size_limit_filter behaves as expected when the `fileupload_maxk` is 0 or an empty string.
+		 *
+		 * @ticket 55926
+		 * @dataProvider data_upload_size_limit_filter_empty_fileupload_maxk
+		 */
+		public function test_upload_size_limit_filter_empty_fileupload_maxk( $callable_set_fileupload_maxk ) {
+			add_filter( 'site_option_fileupload_maxk', $callable_set_fileupload_maxk );
+			$return = upload_size_limit_filter( 1500 );
+			$this->assertSame( 0, $return );
+		}
+
+		/**
+		 * @ticket 55926
+		 */
+		public function data_upload_size_limit_filter_empty_fileupload_maxk() {
+			return array(
+				array( '__return_zero' ),
+				array( '__return_empty_string' ),
+			);
+		}
+
+		/**
+		 * When upload_space_check is enabled, the space allowed is also considered by `upload_size_limit_filter`.
+		 *
+		 * @ticket 55926
+		 */
+		public function test_upload_size_limit_filter_when_upload_space_check_enabled() {
+			add_filter( 'get_space_allowed', '__return_zero' );
+			add_filter( 'site_option_upload_space_check_disabled', '__return_false' );
+			$return = upload_size_limit_filter( 100 );
+			$this->assertSame( 0, $return );
+		}
+
 		/**
 		 * @ticket 40489
 		 * @dataProvider data_wp_is_large_network