From 1bcda42567b71acf2d12bd4cd8c79c891972c35c Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Sun, 18 Oct 2020 21:06:05 +0000
Subject: [PATCH] Media: Add an `image_sideload_extensions` filter to the list of allowed file extensions when sideloading an image from a URL.
Props paulschreiber, hellofromTonya
Fixes #50695
Built from https://develop.svn.wordpress.org/trunk@49198
git-svn-id: http://core.svn.wordpress.org/trunk@48960 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/media.php | 23 ++++++++++++++++++++++-
 wp-includes/version.php | 2 +-
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index e2f21426dd..1efea2f0ee 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -980,8 +980,29 @@ function wp_media_upload_handler() {
 function media_sideload_image( $file, $post_id = 0, $desc = null, $return = 'html' ) {
 if ( ! empty( $file ) ) {
+ $allowed_extensions = array( 'jpg', 'jpeg', 'jpe', 'png', 'gif' );
+
+ /**
+ * Filters the list of allowed file extensions when sideloading an image from a URL.
+ *
+ * The default allowed extensions are:
+ *
+ * - `jpg`
+ * - `jpeg`
+ * - `jpe`
+ * - `png`
+ * - `gif`
+ *
+ * @since 5.6.0
+ *
+ * @param string[] $allowed_extensions Array of allowed file extensions.
+ * @param string $file The URL of the image to download.
+ */
+ $allowed_extensions = apply_filters( 'image_sideload_extensions', $allowed_extensions, $file );
+ $allowed_extensions = array_map( 'preg_quote', $allowed_extensions );
+
 // Set variables for storage, fix file filename for query strings.
- preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $file, $matches );
+ preg_match( '/[^\?]+\.(' . implode( '|', $allowed_extensions ) . ')\b/i', $file, $matches );
 if ( ! $matches ) {
 return new WP_Error( 'image_sideload_failed', __( 'Invalid image URL.' ) );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index e894aaf0c7..dbacca2327 100644
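Review bot: The filtered list is spliced into the pattern without checking what the filter returned, so the extension check in `media_sideload_image()` can fail open: an empty array, or an empty-string entry, produces `\.()\b`, which matches any URL containing a dot followed by a word character. `array_map( 'preg_quote', ... )` also calls `preg_quote()` without a delimiter argument, so a `/` in a filtered value is left unescaped and ends the pattern early. I would drop non-string and empty entries, return the existing `image_sideload_failed` error when nothing remains, and quote with `/` as the delimiter, as sketched below. Whether later upload validation would still reject such files is not visible in this hunk, and the function body continues past its end.

```php
		$allowed_extensions = apply_filters( 'image_sideload_extensions', $allowed_extensions, $file );

		// A filter callback may return anything: keep only non-empty strings.
		$allowed_extensions = array_filter(
			(array) $allowed_extensions,
			static function ( $extension ) {
				return is_string( $extension ) && '' !== $extension;
			}
		);

		// Fail closed: an empty alternation would accept every extension.
		if ( ! $allowed_extensions ) {
			return new WP_Error( 'image_sideload_failed', __( 'Invalid image URL.' ) );
		}

		// Quote for the `/` delimiter used by the pattern that follows.
		$allowed_extensions = array_map(
			static function ( $extension ) {
				return preg_quote( $extension, '/' );
			},
			$allowed_extensions
		);

		// … unchanged: preg_match() built from implode( '|', $allowed_extensions ) …
```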
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.6-alpha-49197';
+$wp_version = '5.6-alpha-49198';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.