Media: ensure wp_get_attachment_image uses valid user-provided width and height.

adamsilverstein · adamsilverstein · commit 8c374a5adb9b · 2025-08-15T19:09:36.000Z
Fix a bug introduced in WordPress 6.8.2 (r60415) that led to user supplied values for width and height in the $attr array passed to `wp_get_attachment_image` to be overwritten. Props rainbowgeek, ocean90, rollybueno, shreya0shrivastava, heybran, mukesh27. Fixes #63714. git-svn-id: https://develop.svn.wordpress.org/trunk@60641 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/media.php b/src/wp-includes/media.php
@@ -1091,9 +1091,17 @@ function wp_get_attachment_image( $attachment_id, $size = 'thumbnail', $icon = f
 		 */
 		$context = apply_filters( 'wp_get_attachment_image_context', 'wp_get_attachment_image' );
 
-		$attr           = wp_parse_args( $attr, $default_attr );
-		$attr['width']  = $width;
-		$attr['height'] = $height;
+		$attr = wp_parse_args( $attr, $default_attr );
+
+		// Ensure that the `$width` doesn't overwrite an already valid user-provided width.
+		if ( ! isset( $attr['width'] ) || ! is_numeric( $attr['width'] ) ) {
+			$attr['width'] = $width;
+		}
+
+		// Ensure that the `$height` doesn't overwrite an already valid user-provided height.
+		if ( ! isset( $attr['height'] ) || ! is_numeric( $attr['height'] ) ) {
+			$attr['height'] = $height;
+		}
 
 		$loading_optimization_attr = wp_get_loading_optimization_attributes(
 			'img',
diff --git a/tests/phpunit/tests/media.php b/tests/phpunit/tests/media.php
@@ -1634,6 +1634,26 @@ static function ( $args ) {
 		$this->assertStringContainsString( 'height="150"', $output, 'Height should not be changed.' );
 	}
 
+	/**
+	 * Test that `wp_get_attachment_image` doesn't overwrite an already valid user-provided width and height.
+	 *
+	 * @ticket 63714
+	 */
+	public function test_wp_get_attachment_image_not_overwrite_user_provided_width_height() {
+		$img = wp_get_attachment_image(
+			self::$large_id,
+			'large',
+			false,
+			array(
+				'width'  => 999,
+				'height' => 999,
+			)
+		);
+
+		$this->assertStringContainsString( 'width="999"', $img, 'User-provided width should not be changed.' );
+		$this->assertStringContainsString( 'height="999"', $img, 'User-provided height should not be changed.' );
+	}
+
 	/**
 	 * Test that `wp_get_attachment_image()` returns a proper alt value.
 	 *
