[wp-trac] [WordPress Trac] #11946: Ensure image MIME type matches extension
WordPress Trac
noreply at wordpress.org
Sat Jan 4 00:45:39 UTC 2014
#11946: Ensure image MIME type matches extension
---------------------------+-----------------------------
 Reporter:  Viper007Bond   |       Owner:  Viper007Bond
     Type:  defect (bug)   |      Status:  reopened
 Priority:  normal         |   Milestone:  Future Release
Component:  Upload         |     Version:  3.0
 Severity:  minor          |  Resolution:
 Keywords:  needs-refresh  |
---------------------------+-----------------------------
Changes (by jackreichert):
* cc: jack@… (added)
Comment:
I noticed that you can upload a file with the wrong extension. The
function wp_check_filetype_and_ext() in wp-includes/functions.php says
that it does this, but it does not. I added a few lines in the above patch
that fixes this security bug.
Note, it relies on finfo_file. To make sure that it won't break servers
running PHP < 5.3 I wrapped the code in function_exists().
--
Ticket URL: <https://core.trac.wordpress.org/ticket/11946#comment:30>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress blogging software
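
The check described in the comment above, sketched as an added example. This is not the patch attached to the ticket and not WordPress core code; the function name, the extension allow-list and the sample file are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. Function name and allow-list are hypothetical.

/**
 * Returns the detected MIME type when content and extension agree,
 * false on a mismatch, null when the content could not be inspected.
 */
function example_image_ext_matches_content( $path, $filename ) {
	// Hypothetical allow-list: extension => MIME type expected from the bytes.
	$expected = array(
		'jpg'  => 'image/jpeg',
		'jpeg' => 'image/jpeg',
		'png'  => 'image/png',
		'gif'  => 'image/gif',
	);

	$ext = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
	if ( ! isset( $expected[ $ext ] ) ) {
		return false; // Not an image extension this check accepts.
	}

	// fileinfo may be missing (e.g. PHP < 5.3), so guard it as the comment describes.
	if ( ! function_exists( 'finfo_open' ) ) {
		return null; // Caller decides how to treat "could not verify".
	}
	$finfo = finfo_open( FILEINFO_MIME_TYPE );
	if ( ! $finfo ) {
		return null;
	}

	// Detection reads the file's bytes; the client-supplied name and type are ignored.
	$real = finfo_file( $finfo, $path );

	return ( $real === $expected[ $ext ] ) ? $real : false;
}

// Constructed sample: a minimal GIF header written to a temporary file.
$tmp = tempnam( sys_get_temp_dir(), 'up' );
file_put_contents( $tmp, 'GIF89a' . pack( 'v2', 1, 1 ) . "\x00\x00\x00;" );

var_dump( example_image_ext_matches_content( $tmp, 'photo.jpg' ) ); // GIF bytes under a .jpg name
var_dump( example_image_ext_matches_content( $tmp, 'photo.gif' ) ); // name and content agree
unlink( $tmp );
```

The null return keeps "fileinfo unavailable" distinct from "mismatch", so the caller can decide whether an unverifiable upload is rejected or falls back to another check.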