[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1

WordPress Trac noreply at wordpress.org
Sun Jan 15 02:23:47 UTC 2017 

#39550: Some Non-image files fail to upload after 4.7.1
---------------------------+------------------------
 Reporter:  greatislander  |       Owner:  joemcgill
     Type:  defect (bug)   |      Status:  assigned
 Priority:  normal         |   Milestone:  4.7.2
Component:  Upload         |     Version:  trunk
 Severity:  normal         |  Resolution:
 Keywords:  needs-patch    |     Focuses:
---------------------------+------------------------

Comment (by blobfolio):

 I think the safest way forward, assuming `finfo_file` support is still
 considered a net gain, is to make a new MIME mapping function that accepts
 an extension and a MIME type, and compares that against a comprehensive
 database of historically-acceptable possibilities, etc.

 {{{#!php
 <?php
 function wp_check_ext_mime( $ext, $mime ) {
         $extensions = apply_filters( 'all_mime_types', array(
                 ...
                 'woff' => array(
                         'application/font-woff',
                         'font/woff',
                         'font/x-woff'
                 )
                 ...
         ));

         //lowercase arguments for easier comparison
         $ext = strtolower( $ext );
         $mime = strtolower( $mime );

         // Unknown extension
         if ( !isset( $extensions[$ext] ) ){
                 return false;
         }

         return in_array( $mime, $extensions[$ext] );
 }
 }}}

 Some historical variation for MIME types is predictable, allowing us to
 cut down on the number of explicit entries. For example, we could omit any
 `whatever/x-whatever` variants from the `$extensions` list and
 `str_replace( "/x-", "/", $ext)` prior to searching.


 Anyhoo, `wp_check_filetype_and_ext()` should then whitelist `$real_mime`s
 evaluating to `FALSE`, `""`, and `application/octet-stream`. (It isn't the
 file's fault that PHP can't read it.)

 If an actual MIME is given, the result can then be checked against
 `wp_check_ext_mime()`.

 This approach, though tedious, will at least preserve backward
 compatibility with existing functions and filters, unlike attempts to
 directly modify `wp_get_mime_types()`, etc., to be more flexible.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:49>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list