[wp-trac] [WordPress Trac] #39580: New wp_get_image_mime() function breaks SVG uploads
WordPress Trac
noreply at wordpress.org
Fri Jan 13 22:13:17 UTC 2017
#39580: New wp_get_image_mime() function breaks SVG uploads
--------------------------+-----------------------------
Reporter: room34 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version: 4.7.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
I have used the 'upload_mimes' action to add support for uploading SVGs to
a site. This was working fine up through WP 4.7, but has broken in 4.7.1.
Now an SVG upload returns the "Sorry, this file type is not permitted for
security reasons" message, even though I have confirmed SVG is still in
the array of allowed MIME types for the site.
I believe I have tracked the cause to the new function
wp_get_image_mime(), introduced in 4.7.1. This relies on two core PHP
functions, exif_imagetype() and image_type_to_mime_type(), which
apparently do not recognize SVG files.
Because the SVG MIME type is "image/svg+xml" (specifically, because its
type starts with "image/"), an SVG upload is triggering
wp_get_image_mime() to run while validating the upload. But since these
PHP functions don't recognize SVG files, wp_get_image_mime() is returning
false, even if SVG support has been added with 'upload_mimes'.
I have confirmed that this function is causing SVG uploads to fail by
temporarily modifying the function to simply return "image/svg+xml". When
it returns that string, SVG uploads work.
I'm aware that there are legitimate security reasons why SVG support is
not built in by default, but if a developer specifically uses the
'upload_mimes' action to allow it, I believe that should work.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39580>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list