[wp-trac] [WordPress Trac] #11015: Admin Ajax actions should pass relevant global variables

WordPress Trac noreply at wordpress.org
Sun Mar 1 10:50:10 UTC 2026 

#11015: Admin Ajax actions should pass relevant global variables
----------------------------------+----------------------
 Reporter:  filosofo              |       Owner:  ryan
     Type:  enhancement           |      Status:  closed
 Priority:  normal                |   Milestone:
Component:  JavaScript            |     Version:  2.9
 Severity:  normal                |  Resolution:  wontfix
 Keywords:  admin-ajax has-patch  |
----------------------------------+----------------------

Comment (by prbot):

 ''This ticket was mentioned in [https://github.com/WordPress/wordpress-
 develop/pull/11100 PR #11100] on [https://github.com/WordPress/wordpress-
 develop/ WordPress/wordpress-develop] by
 [https://profiles.wordpress.org/adamsilverstein/ @adamsilverstein].''
 ## Summary

 Builds on #11015. Adds dimension validation to the sideload endpoint.

 - Adds `validate_image_dimensions()` private method to
 `WP_REST_Attachments_Controller`
 - Validates uploaded image dimensions against expected size constraints in
 the `wp/v2/media/<id>/sideload` endpoint
 - Moves `wp_getimagesize()` call earlier in `sideload_item()` to validate
 before metadata handling

 ### Validation rules:
 - **'original' size**: must match original attachment dimensions exactly
 - **'full' and 'scaled' sizes**: requires positive dimensions only
 - **Regular sizes**: dimensions must not exceed registered size maximums
 (with 1px tolerance for rounding differences)

 ## Test plan

 - [x] `test_sideload_item_rejects_oversized_dimensions` — uploads 640x480
 image as thumbnail (150x150), expects 400 with
 `rest_upload_dimension_mismatch`
 - [x] `test_sideload_item_accepts_valid_dimensions` — uploads 50x50 image
 as thumbnail, expects 200

 Corresponding Gutenberg PR:
 https://github.com/WordPress/gutenberg/pull/74903

 🤖 Generated with [https://claude.com/claude-code Claude Code]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/11015#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list