[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1

WordPress Trac noreply at wordpress.org
Thu Feb 23 16:28:23 UTC 2017 

#39550: Some Non-image files fail to upload after 4.7.1
------------------------------------+------------------------
 Reporter:  greatislander           |       Owner:  joemcgill
     Type:  defect (bug)            |      Status:  assigned
 Priority:  normal                  |   Milestone:  4.7.3
Component:  Upload                  |     Version:  4.7.1
 Severity:  critical                |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+------------------------

Comment (by blobfolio):

 Replying to [comment:106 kontur]:
 > Even when passing in my augmented mimes again as $overwrites [...] finfo
 returns the type for my uploaded woff as ""application/octet-stream",
 which contradicts the mime received from the file extension which
 wp_check_filetype() correctly extracted, alas $ext and $type get set to
 false, which triggers the error message then.

 Yeah, in general, `application/octet-stream`, `text/plain`, and anything
 falsey like `NULL`, `FALSE`, or `""` should basically be treated as a lack
 of `finfo` support rather than a hard-stop error.

 At any rate, the role of `finfo` in the upload process is going to have to
 be diminished quite a bit from its 4.7.1 implementation. It can be used to
 reliably detect certain limited types of deception, but because the
 WordPress core only natively supports a single ext:mime mapping, it can't
 be used for broader validation.

 The WOFF spec does include magic number support, but since the format has
 been associated with a half-dozen different MIME types over the years,
 even if PHP does produce a match, it might not be the one match WordPress
 is looking for.

 There is, however, potential for plugins to provide a more robust
 `finfo()`-based validation process. Depending on how this ticket plays
 out, I'll put something together for everyone. ;)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:107>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list