[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1
WordPress Trac
noreply at wordpress.org
Mon Jan 30 21:11:28 UTC 2017
#39550: Some Non-image files fail to upload after 4.7.1
------------------------------------+------------------------
Reporter: greatislander | Owner: joemcgill
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7.3
Component: Upload | Version: 4.7.1
Severity: critical | Resolution:
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+------------------------
Comment (by contrid):
We noticed this problem with CSV files.
With wp_check_filetype(), WordPress returns text/csv as the type. The
wp_handle_upload() function uses wp_check_filetype_and_ext() function
which uses finfo_file() PHP function to see what the real mime type of the
file is. For CSV it seems to return text/plain. Could be related to some
versions of PHP?
When the real mime coming from finfo_file() PHP and the mime coming from
wp_check_filetype() don't match up, it returns false. The code which
creates the "Sorry, this file type is not permitted for security reasons."
error message is in wp-includes/functions.php.
There are several ways to fix this such as using the
wp_check_filetype_and_ext filter or possibly setting test_type to false in
the wp_handle_upload() overrides. This is a security risk so you need to
do manual checking on the file and it's mime then. At least you can then
check if the type is one of many CSV mimes often used eg. application/csv,
text/csv, text/plain, text/comma-separated values.
Correct me if I'm wrong, I'm just trying to help.
This specifically became a problem in WordPress 4.7.1 and worked fine
before that, detecting the real mime and mime from supported/allowed mime
types list correctly before.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:86>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list