[wp-trac] [WordPress Trac] #17454: get_allowed_mime_types() does not return correct data
WordPress Trac
wp-trac at lists.automattic.com
Mon May 16 14:03:55 UTC 2011
#17454: get_allowed_mime_types() does not return correct data
--------------------------+----------------------
Reporter: MungoBBQ | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 3.1.2
Severity: major | Resolution: invalid
Keywords: |
--------------------------+----------------------
Changes (by duck_):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
`get_allowed_mime_types()` *is* where the upload_mimes filter is applied.
Dumping the results of the function call after adding a filter works fine
for me.
I think it's your usage of the function:
{{{
if (!in_array($new_filetype, $allowed_mime_types))
}}}
That means that the uploaded file type has to be `application/octet-
stream`. Again this seems insecure. You should probably use
wp_check_file_type_and_ext() or wp_handle_upload(), don't really know
enough about the use case to be sure.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17454#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list