[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1
WordPress Trac
noreply at wordpress.org
Tue Feb 14 20:15:14 UTC 2017
#39550: Some Non-image files fail to upload after 4.7.1
------------------------------------+------------------------
Reporter: greatislander             | Owner: joemcgill
Type: defect (bug)                  | Status: assigned
Priority: normal                    | Milestone: 4.7.3
Component: Upload                   | Version: 4.7.1
Severity: critical                  | Resolution:
Keywords: has-patch dev-feedback    | Focuses:
------------------------------------+------------------------

Comment (by joemcgill):

[attachment:39550.3.diff] is a modified approach to mime/type checking
with a more narrow implementation. This approach is designed to add
hardening over the pre-4.7.1 approach while not being overly strict.

As @blobfolio and others have noted, there are various methods for
determining mimes for every filetype, and none are without their flaws.
For now, strict filetype checking in all cases is probably overkill for
our needs. Sites requiring that level of security can implement more
strict checking using methods described by others in this thread.

Testing and feedback of this patch is appreciated.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:97>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform