If our media_id checks don't pass, show an error message

10up · Nov 12, 2024 · 515c516 · 515c516
1 parent 900997d
commit 515c516
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/includes/class-simple-local-avatars.php b/includes/class-simple-local-avatars.php
@@ -1313,19 +1313,20 @@ public function get_avatar_rest( $user ) {
 	 *
 	 * @param array  $input Input submitted via REST request.
 	 * @param object $user  The user making the request.
+	 * @return null|\WP_Error
 	 */
 	public function set_avatar_rest( $input, $user ) {
 		// Ensure media_id is set and is a number.
 		if (
 			empty( $input['media_id'] ) ||
 			! is_numeric( $input['media_id'] )
 		) {
-			return;
+			return new \WP_Error( 'invalid_media_id', esc_html__( 'Request did not contain a valid media_id field.', 'simple-local-avatars' ) );
 		}
 
 		// Ensure this media_id is a valid attachment.
 		if ( ! wp_get_attachment_url( (int) $input['media_id'] ) ) {
-			return;
+			return new \WP_Error( 'invalid_media_id', esc_html__( 'Media ID did not match a valid attachment.', 'simple-local-avatars' ) );
 		}
 
 		$this->assign_new_user_avatar( (int) $input['media_id'], $user->ID );