[wp-trac] [WordPress Trac] #40175: Upload Validation / MIME Handling
WordPress Trac
noreply at wordpress.org
Fri Mar 17 13:39:43 UTC 2017
#40175: Upload Validation / MIME Handling
--------------------------+------------------------------
Reporter: blobfolio | Owner: joemcgill
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 4.7.3
Severity: critical | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by joemcgill):
* owner: => joemcgill
* status: new => accepted
Comment:
Thanks for consolidating all of this here @blobfolio.
It's probably helpful to define some base assumptions here. Before
[39831], WordPress essentially trusted that all uploaded files were
exactly what they claimed to be, based on the file extension. The only
exception is that image files were verified in an attempt to rename image
files that had accidentally been saved with the wrong extension (see
#11946). From what I can tell, this was mainly a UX improvement when
working with images, to avoid editor errors and was not strict about
allowing uploads based on actual mime types.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40175#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list