[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1
WordPress Trac
noreply at wordpress.org
Fri Jan 13 16:59:21 UTC 2017
#39550: Some Non-image files fail to upload after 4.7.1
---------------------------+------------------------
Reporter: greatislander | Owner: joemcgill
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7.2
Component: Upload | Version: trunk
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
---------------------------+------------------------
Comment (by greatislander):
Replying to [comment:41 mensmaximus]:
> The deeper I dig into this the more I feel checking the real mime type
for security reasons wont work well. As soon as a file or http stream does
not provide a mime type it will be set to application/octet-stream (server
side fallback).
This conclusion was the basis of my initial report. Even exporting a Word
document from Apple Pages sets the wrong mime type, causing this check to
fail. It would be ideal to have a more secure upload validation method but
the way mime types are set (often incorrectly) on various systems and in
various contexts makes it hard to get reliable results.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:43>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list