[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1

WordPress Trac noreply at wordpress.org
Fri Feb 24 20:36:05 UTC 2017


#39550: Some Non-image files fail to upload after 4.7.1
-------------------------------------+------------------------
 Reporter:  greatislander            |       Owner:  joemcgill
     Type:  defect (bug)             |      Status:  assigned
 Priority:  normal                   |   Milestone:  4.7.3
Component:  Upload                   |     Version:  4.7.1
 Severity:  critical                 |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------

Comment (by joemcgill):

 Thanks @iandunn, I had missed @goldsounds' comment.

 The main issue with your new example is that the extra mime type being
 added via the filter does not match the mime type that is being picked up
 by finfo. As you pointed out, if `application/xml` was already whitelisted
 by `get_allowed_mime_types()` then the test would not fail. Since we can't
 arbitrarily trust files with 'application' mime types for security
 reasons, I think this would be up to a developer to work around by making
 sure the mime type they were adding through the `upload_mimes` filter
 matched with the verification step in `wp_check_filetype_and_ext()` or by
 filtering the output of `wp_check_filetype_and_ext()` itself.

 In the future, we can look into adding more robust mime-type checking (see
 #39963) which could help us whitelist multiple subtypes for a given file
 extension. In the meantime, [attachment:39550.4.diff] restores
 functionality lost in 4.7.1 for most cases.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:119>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
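
The mismatch described in the comment above, as an added example that is not WordPress core code and not part of the original message. It models only the rule the comment states (the type finfo detects from the file's bytes must be one of the allowed types); the `example_*` function names, the sample XML and the guessed mime type are constructed for illustration, and PHP's fileinfo extension is assumed to be available.

```php
<?php
// Added example: a simplified model of the check described in the comment,
// not the code from 39550.4.diff or from wp_check_filetype_and_ext().

// Detect the mime type from the file's content, as finfo does.
function example_detect_mime( string $bytes ): string {
    $finfo = new finfo( FILEINFO_MIME_TYPE );
    return (string) $finfo->buffer( $bytes );
}

// $allowed has the shape returned by get_allowed_mime_types():
// 'ext|ext' => 'mime/type'.
function example_upload_passes( string $filename, string $bytes, array $allowed ): bool {
    $ext = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
    foreach ( $allowed as $ext_pattern => $mime ) {
        if ( in_array( $ext, explode( '|', $ext_pattern ), true ) ) {
            // The extension is allowed; the detected content type must be too.
            return in_array( example_detect_mime( $bytes ), $allowed, true );
        }
    }
    return false; // extension is not allowed at all
}

// Constructed sample input.
$xml      = "<?xml version=\"1.0\"?>\n<items><item>1</item></items>\n";
$detected = example_detect_mime( $xml );

// Two values a developer's upload_mimes callback might add (constructed).
$guess   = array( 'xml' => 'application/x-example-xml' ); // differs from finfo
$matched = array( 'xml' => $detected );                   // same as finfo

printf( "finfo reports:       %s\n", $detected );
printf( "guessed type passes: %s\n",
    var_export( example_upload_passes( 'feed.xml', $xml, $guess ), true ) );
printf( "matched type passes: %s\n",
    var_export( example_upload_passes( 'feed.xml', $xml, $matched ), true ) );
```

The string finfo reports for the same file can differ between libmagic versions, so run the detection on the server that will accept the uploads before choosing the value to register.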

