[wp-trac] [WordPress Trac] #40175: Upload Validation / MIME Handling
WordPress Trac
noreply at wordpress.org
Wed Jan 16 17:00:46 UTC 2019
#40175: Upload Validation / MIME Handling
-------------------------------------------------+-------------------------
Reporter: blobfolio | Owner: joemcgill
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 5.1
Component: Media | Version: 4.7.3
Severity: major | Resolution:
Keywords: has-unit-tests has-patch needs- | Focuses:
testing early | administration
-------------------------------------------------+-------------------------
Comment (by joemcgill):
Replying to [comment:46 harmr]:
> @joemcgill thanks for the update! I tried your patch to verify if this
fixes our GPX file upload issue, unfortunately no change - file type .gpx
still not permitted due to security reasons. We haven´t changed how we
register the GPX mime types, details can be found here:
> https://core.trac.wordpress.org/ticket/45615#comment:45
Thanks @harmr. In the case of this approach—and also with the current code
in WP—registering your extension (gpx) with a supported MIME type
(application/gpx+xml) is not enough. The server also has to ''verify''
that the file actually is the MIME type that is supported for that
extension. My hunch is that you would need register the extension with a
MIME type of `application/xml` instead of `applciation/gpx+xml`, but I
would have to test that to be sure. With this new system, you could do
something like this to support both possibilities:
{{{#!php
add_filter( 'wp_mimes', function( $mimes ) {
$mimes['gpx'] => array(
'application/gpx+xml',
'application/xml',
);
return $mimes;
} );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40175#comment:47>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list