image-cdn: Avoid fatal on bad img width/height (#39208)

If the `<img>` tag has a value for `width` or `height` that's neither an integer nor a percentage, this will cause a fatal error when the value is attempted to be used as an integer. Add validation to avoid this.
Automattic · Sep 3, 2024 · faf3868 · faf3868
1 parent d054536
commit faf3868
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 2 deletions.
diff --git a/projects/packages/image-cdn/changelog/fix-image-cdn-fatal b/projects/packages/image-cdn/changelog/fix-image-cdn-fatal
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Avoid a fatal error if an `<img>` tag has width or height that's not an integer or percentage.
diff --git a/projects/packages/image-cdn/src/class-image-cdn.php b/projects/packages/image-cdn/src/class-image-cdn.php
@@ -449,11 +449,11 @@ public static function filter_the_content( $content ) {
 
 				// First, check the image tag. Note we only check for pixel sizes now; HTML4 percentages have never been correctly
 				// supported, so we stopped pretending to support them in JP 9.1.0.
-				if ( ! is_string( $width ) || str_contains( $width, '%' ) ) {
+				if ( ! is_string( $width ) || ! ctype_digit( $width ) ) {
 					$width = false;
 				}
 
-				if ( ! is_string( $height ) || str_contains( $height, '%' ) ) {
+				if ( ! is_string( $height ) || ! ctype_digit( $height ) ) {
 					$height = false;
 				}
 

diff --git a/projects/packages/image-cdn/tests/php/test_class.image_cdn.php b/projects/packages/image-cdn/tests/php/test_class.image_cdn.php
@@ -1220,6 +1220,48 @@ public function test_image_cdn_filter_the_content_percentage_width_and_height()
 		$this->assertEquals( '1024,768', $query_params['fit'] );
 	}
 
+	/**
+	 * Tests that Photon ignores empty dimensions. It should fall back to e.g. a "size-foo" class.
+	 *
+	 * @covers Image_CDN::filter_the_content
+	 */
+	public function test_image_cdn_filter_the_content_empty_width_and_height() {
+		$sample_html      = '<img src="http://example.com/test.png" class="test size-large" width="" height="" />';
+		$filtered_content = Image_CDN::filter_the_content( $sample_html );
+		$attributes       = wp_kses_hair( $filtered_content, wp_allowed_protocols() );
+		$query_str        = wp_parse_url( $attributes['src']['value'], PHP_URL_QUERY );
+		parse_str( $query_str, $query_params );
+
+		$this->assertArrayHasKey( 'width', $attributes );
+		$this->assertSame( '1024', $attributes['width']['value'] );
+		$this->assertArrayHasKey( 'height', $attributes );
+		$this->assertSame( '768', $attributes['height']['value'] );
+
+		$this->assertArrayHasKey( 'fit', $query_params );
+		$this->assertEquals( '1024,768', $query_params['fit'] );
+	}
+
+	/**
+	 * Tests that Photon ignores bogus dimensions. It should fall back to e.g. a "size-foo" class.
+	 *
+	 * @covers Image_CDN::filter_the_content
+	 */
+	public function test_image_cdn_filter_the_content_bogus_width_and_height() {
+		$sample_html      = '<img src="http://example.com/test.png" class="test size-large" width="1vh" height="1vh" />';
+		$filtered_content = Image_CDN::filter_the_content( $sample_html );
+		$attributes       = wp_kses_hair( $filtered_content, wp_allowed_protocols() );
+		$query_str        = wp_parse_url( $attributes['src']['value'], PHP_URL_QUERY );
+		parse_str( $query_str, $query_params );
+
+		$this->assertArrayHasKey( 'width', $attributes );
+		$this->assertSame( '1024', $attributes['width']['value'] );
+		$this->assertArrayHasKey( 'height', $attributes );
+		$this->assertSame( '768', $attributes['height']['value'] );
+
+		$this->assertArrayHasKey( 'fit', $query_params );
+		$this->assertEquals( '1024,768', $query_params['fit'] );
+	}
+
 	/**
 	 * Tests that Photon will filter for an AMP response.
 	 *