[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1

WordPress Trac noreply at wordpress.org
Tue Feb 14 23:13:58 UTC 2017


#39550: Some Non-image files fail to upload after 4.7.1
------------------------------------+------------------------
 Reporter:  greatislander           |       Owner:  joemcgill
     Type:  defect (bug)            |      Status:  assigned
 Priority:  normal                  |   Milestone:  4.7.3
Component:  Upload                  |     Version:  4.7.1
 Severity:  critical                |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+------------------------

Comment (by blobfolio):

 Replying to [comment:100 joemcgill]:
 > Replying to [comment:98 blobfolio]:
 >
 > What we don't want to do is make `$mime_to_ext` a blanket whitelist of
 mime-to-extension possibilities.

 Definitely. I'm not suggesting making `$mime_to_ext` a blanket whitelist,
 but the point of that particular block of code is to try and generate web-
 able images where it can. That doesn't apply to any file types outside
 `$mime_to_ext`. Because the outer check ("image/*") is looser than the
 inner (the `$mime_to_ext` list), anything outside of that will be
 irrevocably failed.

 If an upload doesn't match the `$mime_to_ext` list, it is outside the
 purview of that particular challenge and should be passed down the chain
 to `finfo` and eventually `upload_mimes`.

 It's one thing for WordPress to not explicitly image-ize unusual graphics
 formats, but another to say, "Sorry, you can't use these at all no matter
 what." Particularly with SVG, which is so prominent (even the core is
 using some now, haha).

 While it is possible to require both a hook into `upload_mimes` and
 another into `wp_check_filetype_and_ext`, that seems both tedious and a
 bit dangerous (it would be pushing people toward messing with a nuanced
 and sensitive function they wouldn't otherwise have to).

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:101>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list