[wp-trac] [WordPress Trac] #64849: Media: wp_get_image_alttext() incorrectly treats strpos() position 0 as "not found"
WordPress Trac
noreply at wordpress.org
Thu Mar 12 08:11:58 UTC 2026
#64849: Media: wp_get_image_alttext() incorrectly treats strpos() position 0 as
"not found"
--------------------------+-------------------------------------
Reporter: suhan2411 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: trunk
Severity: normal | Keywords: has-patch needs-testing
Focuses: |
--------------------------+-------------------------------------
The `wp_get_image_alttext()` function in `src/wp-admin/includes/image.php`
checks for XMP metadata using `strpos()`:
{{{
$xmp_start = strpos( $img_contents, '<x:xmpmeta' );
$xmp_end = strpos( $img_contents, '</x:xmpmeta>' );
if ( ! $xmp_start || ! $xmp_end ) {
return $alt_text;
}
}}}
This logic incorrectly treats a match at position `0` as "not found".
In PHP, `strpos()` returns:
{{{
0 → match found at position 0
false → no match
}}}
Because the code uses `! $xmp_start`, a valid match at position `0` is
treated as `false`, and the function returns an empty alt text.
As a result, valid XMP metadata may be ignored when it appears at the
beginning of the file contents.
Additionally, `file_get_contents()` may return `false` on failure.
The current implementation passes that value directly to `strpos()`, which
can trigger PHP warnings or errors.
Both issues can be resolved by using strict comparisons for `strpos()` and
adding a safety check for `file_get_contents()` failure.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64849>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list