[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1
WordPress Trac
noreply at wordpress.org
Fri Feb 24 20:36:05 UTC 2017
#39550: Some Non-image files fail to upload after 4.7.1
-------------------------------------+------------------------
Reporter: greatislander | Owner: joemcgill
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7.3
Component: Upload | Version: 4.7.1
Severity: critical | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------
Comment (by joemcgill):
Thanks @iandunn, I had missed @goldsounds' comment.
The main issue with your new exmaple is that the extra mime type being
added via the filter does not match the mime type that is being picked up
by finfo. As you pointed out, if `application/xml` was already whitelisted
by `get_allowed_mime_types()` then the test would not fail. Since we can't
arbitrarily trust files with 'application' mime types for security
reasons, I think this would be up to a developer to work around by making
sure the mime type they were adding through the `upload_mimes` filter
matched with the verification step in `wp_check_filetype_and_ext()` or by
filtering the output of `wp_check_filetype_and_ext()` itself.
In the future, we can look into adding more robust mime-type checking (see
#39963) which could help us whitelist multiple subtypes for a given file
extension. In the mean time, [attachment:39550.4.diff] restores
functionality lost in 4.7.1 for most cases.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:119>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list