[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1

WordPress Trac noreply at wordpress.org
Thu Feb 23 16:38:26 UTC 2017 

#39550: Some Non-image files fail to upload after 4.7.1
------------------------------------+------------------------
 Reporter:  greatislander           |       Owner:  joemcgill
     Type:  defect (bug)            |      Status:  assigned
 Priority:  normal                  |   Milestone:  4.7.3
Component:  Upload                  |     Version:  4.7.1
 Severity:  critical                |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+------------------------

Comment (by kontur):

 Yes, I understand. At any rate, this bug pretty much renders a plugin of
 mine useless, since it is centred around uploading and displaying
 webfonts, all of which, I think, require that the accepted mime type gets
 augmented, and then successfully passes this check - which currently it
 doesn't, or seemingly only sporadic on some installations.

 Replying to [comment:107 blobfolio]:
 > Replying to [comment:106 kontur]:
 > > Even when passing in my augmented mimes again as $overwrites [...]
 finfo returns the type for my uploaded woff as ""application/octet-
 stream", which contradicts the mime received from the file extension which
 wp_check_filetype() correctly extracted, alas $ext and $type get set to
 false, which triggers the error message then.
 >
 > Yeah, in general, `application/octet-stream`, `text/plain`, and anything
 falsey like `NULL`, `FALSE`, or `""` should basically be treated as a lack
 of `finfo` support rather than a hard-stop error.
 >
 > At any rate, the role of `finfo` in the upload process is going to have
 to be diminished quite a bit from its 4.7.1 implementation. It can be used
 to reliably detect certain limited types of deception, but because the
 WordPress core only natively supports a single ext:mime mapping, it can't
 be used for broader validation.
 >
 > The WOFF spec does include magic number support, but since the format
 has been associated with a half-dozen different MIME types over the years,
 even if PHP does produce a match, it might not be the one match WordPress
 is looking for.
 >
 > There is, however, potential for plugins to provide a more robust
 `finfo()`-based validation process. Depending on how this ticket plays
 out, I'll put something together for everyone. ;)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:108>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list