[wp-trac] [WordPress Trac] #17454: get_allowed_mime_types() does not return correct data

WordPress Trac wp-trac at lists.automattic.com
Mon May 16 14:03:55 UTC 2011


#17454: get_allowed_mime_types() does not return correct data
--------------------------+----------------------
 Reporter:  MungoBBQ      |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  General       |     Version:  3.1.2
 Severity:  major         |  Resolution:  invalid
 Keywords:                |
--------------------------+----------------------
Changes (by duck_):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Comment:

 `get_allowed_mime_types()` *is* where the upload_mimes filter is applied.
 Dumping the results of the function call after adding a filter works fine
 for me.

 I think it's your usage of the function:

 {{{
 if (!in_array($new_filetype, $allowed_mime_types))
 }}}

 That means that the uploaded file type has to be
 `application/octet-stream`. Again this seems insecure. You should probably
 use wp_check_file_type_and_ext() or wp_handle_upload(), don't really know
 enough about the use case to be sure.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17454#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
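
An added example, not part of the original ticket or of WordPress core: one way to validate an upload with the functions the comment points to (the core function is named `wp_check_filetype_and_ext()`) instead of running `in_array()` on a declared type. It assumes it runs inside a loaded WordPress; `example_handle_upload()` and the `attachment` form field are hypothetical names, and a single-file field is assumed.

```php
<?php
/**
 * Added example. example_handle_upload() and the 'attachment' field name
 * are hypothetical; everything else is WordPress core API.
 */
function example_handle_upload() {
    if ( empty( $_FILES['attachment'] )
        || ! is_uploaded_file( $_FILES['attachment']['tmp_name'] ) ) {
        return new WP_Error( 'no_file', 'No file was uploaded.' );
    }
    $file = $_FILES['attachment'];

    // Map of extension pattern => MIME type, for example
    // 'jpg|jpeg|jpe' => 'image/jpeg', already passed through the
    // upload_mimes filter.
    $mimes = get_allowed_mime_types();

    // Decide from the file name and, where WordPress can inspect it, the
    // file's content. $file['type'] is only what the client declared.
    $checked = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes );
    if ( ! $checked['ext'] || ! $checked['type'] ) {
        return new WP_Error( 'bad_type', 'This file type is not allowed.' );
    }

    // On front-end requests wp_handle_upload() has to be loaded first.
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }

    // test_form => false because this is not the core upload form.
    // wp_handle_upload() repeats the type check against 'mimes' and moves
    // the file into the uploads directory.
    $result = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => $mimes,
    ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'] );
    }

    return $result; // array with 'file', 'url' and 'type'
}
```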

