[wp-trac] [WordPress Trac] #45633: finfo_file() returns text/plain for json file instead of application/json

WordPress Trac noreply at wordpress.org
Thu Jan 17 23:11:43 UTC 2019 

#45633: finfo_file() returns text/plain for json file instead of application/json
--------------------------+-----------------------------
 Reporter:  tabrisrp      |       Owner:  joemcgill
     Type:  defect (bug)  |      Status:  assigned
 Priority:  normal        |   Milestone:  Future Release
Component:  Upload        |     Version:  5.0.1
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:  administration
--------------------------+-----------------------------
Changes (by joemcgill):

 * milestone:  5.1 => Future Release


Comment:

 I'd like to wait for #40175 before considering the addition of any
 additional MIME types. In the mean time, if a plugin needs to support
 `json` files, they need to ensure that the mime type they add via the
 `upload_mimes` filter matches what will be reported when the file is
 verified in `wp_check_filetype_and_ext()`, otherwise, you'll need to
 filter `wp_check_filetype_and_ext()` and add your own verification that
 includes an array of options, like this:

 {{{#!php
 add_filter( 'wp_check_filetype_and_ext', 'add_json_mimes', 10, 4 );

 function add_json_mimes( $info, $file, $filename, $mimes ) {
     $wp_filetype = wp_check_filetype( $filename, $mimes );
     $ext = $wp_filetype['ext'];
     $type = $wp_filetype['type'];

     if ( $ext !== 'json' ) {
         return $info;
     }

     if ( function_exists( 'finfo_file' ) ) {
         // Use finfo_file if available to validate non-image files.
         $finfo = finfo_open( FILEINFO_MIME_TYPE );
         $real_mime = finfo_file( $finfo, $file );
         finfo_close( $finfo );

         // If the extension matches an alternate mime type, let's use it
         if ( in_array( $real_mime, array( 'application/json', 'text/plain'
 ) ) ) {
             $info['ext'] = $ext;
             $info['type'] = $type;
         }
     }

     return $info;
 }
 }}}

 Note that this might become easier if #45707 lands, because you won't have
 to rerun the file verification and could instead check the value of
 `$real_mime` against a known whitelist.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45633#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list