REST API: Remove unnecessary upload overrides in font face controller.

This removes settings that are the default value or required for side-loading from the `WP_REST_Font_Faces_Controller::handle_font_file_upload()`. This is to harden the endpoint and future proof against any changes to `wp_handle_upload()` and related functions/security checks. Props peterwilsoncc, dd32. Fixes #60741. git-svn-id: https://develop.svn.wordpress.org/trunk@57804 602fd350-edb4-49c9-b593-d223f7449a82
WordPress · Mar 11, 2024 · e3a5206 · e3a5206
1 parent e5a7795
commit e3a5206
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php
@@ -874,18 +874,17 @@ protected function handle_font_file_upload( $file ) {
 
 		$overrides = array(
 			'upload_error_handler' => array( $this, 'handle_font_file_upload_error' ),
-			// Arbitrary string to avoid the is_uploaded_file() check applied
-			// when using 'wp_handle_upload'.
-			'action'               => 'wp_handle_font_upload',
 			// Not testing a form submission.
 			'test_form'            => false,
-			// Seems mime type for files that are not images cannot be tested.
-			// See wp_check_filetype_and_ext().
-			'test_type'            => true,
 			// Only allow uploading font files for this request.
 			'mimes'                => WP_Font_Utils::get_allowed_font_mime_types(),
 		);
 
+		// Bypasses is_uploaded_file() when running unit tests.
+		if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
+			$overrides['action'] = 'wp_handle_mock_upload';
+		}
+
 		$uploaded_file = wp_handle_upload( $file, $overrides );
 
 		remove_filter( 'upload_dir', $set_upload_dir );