Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

image-cdn: Avoid fatal on bad img width/height #39208

Merged
merged 2 commits into from
Sep 3, 2024
Merged

image-cdn: Avoid fatal on bad img width/height #39208

merged 2 commits into from
Sep 3, 2024

Conversation

anomiex
Copy link
Contributor

@anomiex anomiex commented Sep 3, 2024

Proposed changes:

If the <img> tag has a value for width or height that's neither an integer nor a percentage, this will cause a fatal error when the value is attempted to be used as an integer. Add validation to avoid this.

This was introduced in #32700, the implicit validation included in the parameter extraction regex was lost when it was switched to use the HTML API.

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?
  • Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

p1725378345801409/1725375599.111769-slack-C01U2KGS2PQ

Does this pull request change what data or activity we track or use?

No

Testing instructions:

@anomiex
image-cdn: Avoid fatal on bad img width/height
8ed3d47 
If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.
@anomiex anomiex added [Type] Bug When a feature is broken and / or not performing as intended [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. [Pri] Normal labels Sep 3, 2024
@anomiex anomiex requested review from dmsnell and a team September 3, 2024 15:56
@anomiex anomiex self-assigned this Sep 3, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 3, 2024
edited
Loading

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the fix/image-cdn-fatal branch.

  • To test on Simple, run the following command on your sandbox:

    bin/jetpack-downloader test jetpack fix/image-cdn-fatal

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

@github-actions github-actions bot added [Feature] Photon aka "Image CDN". Feature developed in the Image CDN package and shipped in multiple plugins [Package] Image CDN labels Sep 3, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 3, 2024

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.

Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Choose a review path based on your changes:
    • A. Team Review: add the "[Status] Needs Team Review" label
      • For most changes, including minor cross-team impacts.
      • Example: Updating a team-specific component or a small change to a shared library.
    • B. Crew Review: add the "[Status] Needs Review" label
      • For significant changes to core functionality.
      • Example: Major updates to a shared library or complex features.
    • C. Both: Start with Team, then request Crew
      • For complex changes or when you need extra confidence.
      • Example: Refactor affecting multiple systems.
  3. Get at least one approval before merging.

Still unsure? Reach out in #jetpack-developers for guidance!

ice9js
ice9js reviewed Sep 3, 2024
View reviewed changes
Copy link
Member

@ice9js ice9js left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks ok, but it's difficult to tell if that's actually all of it and the desired behavior without additional context and/or testing instructions.

cc @dilirity since you worked on merging #32700 as well.

@anomiex anomiex enabled auto-merge (squash) September 3, 2024 16:03
@anomiex anomiex merged commit 2d7ee30 into trunk Sep 3, 2024
63 checks passed
@anomiex anomiex deleted the fix/image-cdn-fatal branch September 3, 2024 16:14
@github-actions github-actions bot removed the [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. label Sep 3, 2024
dmsnell
dmsnell reviewed Sep 3, 2024
View reviewed changes
Copy link
Member

@dmsnell dmsnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

ice9js pushed a commit that referenced this pull request Sep 3, 2024
@anomiex @ice9js
image-cdn: Avoid fatal on bad img width/height (#39208)
232742b 
If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.
ice9js pushed a commit that referenced this pull request Sep 3, 2024
@anomiex @ice9js
image-cdn: Avoid fatal on bad img width/height (#39208)
2fee0a4 
If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.
anomiex pushed a commit that referenced this pull request Sep 3, 2024
@ice9js
Backport changes for [email protected] (#39213)
f43a0b4 
* image-cdn: Avoid fatal on bad img width/height (#39208)

If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.

* Update package version
anomiex added a commit that referenced this pull request Sep 3, 2024
@anomiex
image-cdn: Avoid fatal on bad img width/height (#39208)
faf3868 
If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.
anomiex pushed a commit that referenced this pull request Sep 3, 2024
@ice9js @anomiex
Backport changes for [email protected] (#39213)
30c7af5 
* image-cdn: Avoid fatal on bad img width/height (#39208)

If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.

* Update package version
@dilirity
Copy link
Member

dilirity commented Sep 4, 2024

Wow. This slipped somehow. Thanks for quickly addressing it.

gogdzl pushed a commit that referenced this pull request Oct 25, 2024
@anomiex @gogdzl
image-cdn: Avoid fatal on bad img width/height (#39208)
ece200e 
If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.
gogdzl pushed a commit that referenced this pull request Oct 25, 2024
@ice9js @gogdzl
Backport changes for [email protected] (#39213)
e81bf18 
* image-cdn: Avoid fatal on bad img width/height (#39208)

If the `<img>` tag has a value for `width` or `height` that's neither an
integer nor a percentage, this will cause a fatal error when the value
is attempted to be used as an integer. Add validation to avoid this.

* Update package version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ice9js ice9js ice9js left review comments

@dmsnell dmsnell dmsnell left review comments

@zinigor zinigor zinigor approved these changes

Assignees

@anomiex anomiex

Labels
[Feature] Photon aka "Image CDN". Feature developed in the Image CDN package and shipped in multiple plugins [Package] Image CDN [Pri] Normal [Tests] Includes Tests [Type] Bug When a feature is broken and / or not performing as intended
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@anomiex @dilirity @zinigor @dmsnell @ice9js