[wp-trac] [WordPress Trac] #58094: CSV files are prevented in PHP 8.1. due to wp_check_filetype_and_ext()

WordPress Trac noreply at wordpress.org
Mon Jul 17 18:25:37 UTC 2023 

#58094: CSV files are prevented in PHP 8.1. due to wp_check_filetype_and_ext()
-----------------------------------+------------------------------
 Reporter:  bradshawtm             |       Owner:  (none)
     Type:  defect (bug)           |      Status:  new
 Priority:  normal                 |   Milestone:  Awaiting Review
Component:  Upload                 |     Version:  6.2
 Severity:  minor                  |  Resolution:
 Keywords:  php81 has-patch close  |     Focuses:
-----------------------------------+------------------------------
Changes (by SergeyBiryukov):

 * keywords:  php81 needs-unit-tests has-patch => php81 has-patch close
 * milestone:  6.4 => Awaiting Review


Comment:

 Replying to [comment:6 felipeelia]:
 > As @bradshawtm pointed out, `finfo_file()` will indeed return
 `'text/csv'` but so will `wp_check_filetype()`, and adaptations are only
 needed when those two don't match.

 Thanks for testing! Same here, I can't seem to reproduce the issue.

 In my testing on PHP 8.1+:
 * Both `finfo_file()` and `wp_check_filetype()` return `text/csv`. The
 function then proceeds to check [source:tags/6.2.2/src/wp-
 includes/functions.php?marks=3206,3219,3221#L3205 whether the type matches
 the real type], and whether it is allowed. Both of these conditions are
 satisfied, so the correct values are returned (the `proper_filename` key
 is not relevant here, it's only used for images):
 {{{
 array(3) {
   ["ext"]=>
   string(3) "csv"
   ["type"]=>
   string(8) "text/csv"
   ["proper_filename"]=>
   bool(false)
 }
 }}}
 * This is confirmed by a unit test for `wp_check_filetype_and_ext()`,
 which has a
 [source:tags/6.2.2/tests/phpunit/tests/functions.php?marks=1676-1684#L1667
 test case for 'text/csv'] that currently passed on PHP 8.1+.
 * This can also be confirmed by uploading a CSV file in the admin, which
 works as expected in my testing.

 Note that `text/csv` is an allowed type as of WordPress 3.0: [13962] /
 #12757.

 So I don't see any issues here at the moment. The steps to reproduce on a
 clean install would be helpful if any changes are still needed.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58094#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list