mirror of
https://github.com/WordPress/WordPress.git
synced 2024-09-28 15:17:42 +02:00
Media: Reduce failing uploads following 4.7.1.
[39831] introduced more strict MIME type checking for uploads, which resulted in unintentionally blocking several filetypes that were previously valid. This change uses a more targeted approach to MIME validation to restore previous behavior for most types. Props blobfolio, iandunn, ipstenu, markoheijnen, xknown, joemcgill. Fixes #39550, #39552. Built from https://develop.svn.wordpress.org/trunk@40124 git-svn-id: http://core.svn.wordpress.org/trunk@40061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
454acad22e
commit
87ad9e31ab
@ -2269,15 +2269,15 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
|
|||||||
return compact( 'ext', 'type', 'proper_filename' );
|
return compact( 'ext', 'type', 'proper_filename' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$real_mime = false;
|
||||||
|
|
||||||
// Validate image types.
|
// Validate image types.
|
||||||
if ( $type && 0 === strpos( $type, 'image/' ) ) {
|
if ( $type && 0 === strpos( $type, 'image/' ) ) {
|
||||||
|
|
||||||
// Attempt to figure out what type of image it actually is
|
// Attempt to figure out what type of image it actually is
|
||||||
$real_mime = wp_get_image_mime( $file );
|
$real_mime = wp_get_image_mime( $file );
|
||||||
|
|
||||||
if ( ! $real_mime ) {
|
if ( $real_mime && $real_mime != $type ) {
|
||||||
$type = $ext = false;
|
|
||||||
} elseif ( $real_mime != $type ) {
|
|
||||||
/**
|
/**
|
||||||
* Filters the list mapping image mime types to their respective extensions.
|
* Filters the list mapping image mime types to their respective extensions.
|
||||||
*
|
*
|
||||||
@ -2308,18 +2308,29 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
|
|||||||
$ext = $wp_filetype['ext'];
|
$ext = $wp_filetype['ext'];
|
||||||
$type = $wp_filetype['type'];
|
$type = $wp_filetype['type'];
|
||||||
} else {
|
} else {
|
||||||
$type = $ext = false;
|
// Reset $real_mime and try validating again.
|
||||||
|
$real_mime = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} elseif ( function_exists( 'finfo_file' ) ) {
|
}
|
||||||
// Use finfo_file if available to validate non-image files.
|
|
||||||
|
// Validate files that didn't get validated during previous checks.
|
||||||
|
if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) {
|
||||||
$finfo = finfo_open( FILEINFO_MIME_TYPE );
|
$finfo = finfo_open( FILEINFO_MIME_TYPE );
|
||||||
$real_mime = finfo_file( $finfo, $file );
|
$real_mime = finfo_file( $finfo, $file );
|
||||||
finfo_close( $finfo );
|
finfo_close( $finfo );
|
||||||
|
|
||||||
// If the extension does not match the file's real type, return false.
|
/*
|
||||||
if ( $real_mime !== $type ) {
|
* If $real_mime doesn't match what we're expecting, we need to do some extra
|
||||||
$type = $ext = false;
|
* vetting of application mime types to make sure this type of file is allowed.
|
||||||
|
* Other mime types are assumed to be safe, but should be considered unverified.
|
||||||
|
*/
|
||||||
|
if ( $real_mime && ( $real_mime !== $type ) && ( 0 === strpos( $real_mime, 'application' ) ) ) {
|
||||||
|
$allowed = get_allowed_mime_types();
|
||||||
|
|
||||||
|
if ( ! in_array( $real_mime, $allowed ) ) {
|
||||||
|
$type = $ext = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
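Review bot: In the second hunk of wp_check_filetype_and_ext(), the new fileinfo check rejects a mismatch only when the detected type begins with `application`, so a file whose content is detected as any other type (`text/*`, `image/*`, …) keeps the extension-derived `$type`; the first hunk also drops the rejection of an `image/*` extension when `wp_get_image_mime()` returns false. The inner test asks only whether `$real_mime` is allowed for some extension, not for this one, and the whole block is skipped when the fileinfo extension is not loaded, so validation fails open on such hosts. Callers presumably treat a non-false `$type` as verified, so I would at least keep the rejection for image extensions after `finfo_close()`, e.g. `if ( 0 === strpos( $type, 'image/' ) && 0 !== strpos( (string) $real_mime, 'image/' ) ) { $type = $ext = false; }`. The comparison should also be strict and anchored: `in_array( $real_mime, $allowed, true )` and `strpos( $real_mime, 'application/' )`. The function body begins and ends outside the visible hunks.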
|
@ -4,7 +4,7 @@
|
|||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.8-alpha-40123';
|
$wp_version = '4.8-alpha-40124';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|