[wp-trac] [WordPress Trac] #50136: Files types not included in Upload file types are allowed to be uploaded because of loose file extension check
WordPress Trac
noreply at wordpress.org
Sun May 24 12:02:38 UTC 2020
#50136: Files types not included in Upload file types are allowed to be uploaded
because of loose file extension check
--------------------------------------+------------------------------
Reporter: Nikschavan | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: multisite
--------------------------------------+------------------------------
Comment (by ayeshrajans):
It didn't occur to me that these array keys were meant to be regular
expressions in the first place, hence my initial patch with the elaborate
word-boundary patterns. Some expressions like `mpeg|mpg|mpe` could be
simplified to `mpe?g?`, but this of course loses the readability.
Changes from @Nikschavan's PR #293 looks good to me. We probably need some
sort of notice to say these are regular expressions delimited by this
character, to prevent the new entries from using unquoted regex delimiters
or inefficient expressions that might backtrack excessively.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50136#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list