[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1
WordPress Trac
noreply at wordpress.org
Tue Feb 14 21:07:33 UTC 2017
#39550: Some Non-image files fail to upload after 4.7.1
------------------------------------+------------------------
Reporter: greatislander | Owner: joemcgill
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7.3
Component: Upload | Version: 4.7.1
Severity: critical | Resolution:
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+------------------------
Comment (by blobfolio):
Replying to [comment:97 joemcgill]:
> [attachment:39550.3.diff] is a modified approach to mime/type checking
with a more narrow implementation. This approach is designed to add
hardening over the pre-4.7.1 approach while not being overly strict.
Thanks @joemcgill.
The patch does not address image-related MIME troubles 4.7.1 introduced.
By calling out MIMEs matching "image/XXX" specifically, any valid image
type that is not something the thumbnailer is meant to manipulate will
fail (SVG, WebP, etc.).
It would be safer to move the `$mime_to_ext` assignment higher up the
chain and change the condition to `if ( $type && 0 === strpos( $type,
'image/' ) && isset ( $mime_to_ext[ $type ] ) ) {`
Also the constant `FILEINFO_MIME_TYPE` was not introduced until PHP 5.3,
but some other `fileinfo_*` functionality was present earlier. Changing
the condition to `if ( $type && ! $real_mime && extension_loaded(
'fileinfo' ) && defined( 'FILEINFO_MIME_TYPE' ) ) {` should be good
enough.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:98>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list