[wp-trac] [WordPress Trac] #5449: Uploading video/3gpp content-type via wp-app.php fails

[WordPress Trac]

#5449: Uploading video/3gpp content-type via wp-app.php fails
---------------------+------------------------------------------------------
 Reporter:  meledin  |       Owner:  anonymous
     Type:  defect   |      Status:  new      
 Priority:  normal   |   Milestone:           
Component:  XML-RPC  |     Version:           
 Severity:  normal   |    Keywords:           
---------------------+------------------------------------------------------
 I'm trying to upload 3gp files through wp-app.php, using rome-propono.
 This fails in a quite awkward manner. Namely, to store the file, wp-app
 does the following (cf http://trac.wordpress.org/browser/trunk/wp-
 app.php#L406 ):

 {{{
 $ext = preg_replace( '|.*/([a-z]+)|', '$1', $_SERVER['CONTENT_TYPE'] );
 $slug = "$slug.$ext";

 $file = wp_upload_bits( $slug, NULL, $bits);
 }}}

 In other words, it takes the second part of content type (e.g. image/jpeg
 -> jpeg), but only does so for content types with the letters a-z. On the
 3gp content type video/3gpp, it manages to create a file with a slash in
 its name, and thus fails to save it. I have not investigated the
 ramifications for doing nasty stuff this way; I'd imagine they shouldn't
 do anything serious. Regardless...

 If nothing else, this regexp should include content-types with numbers
 (and capitals?) to conform with the different content types available.
 Preferably, it should make note of the whitelist of mime types, instead of
 trusting the server. That seems consistent with the actions taken
 elsewhere, since not doing so would make later code fail for file formats
 with different extensions than content types.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5449>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software