[wp-trac] [WordPress Trac] #39550: Some Non-image files fail to upload after 4.7.1

WordPress Trac noreply at wordpress.org
Tue Mar 7 21:30:43 UTC 2017 

#39550: Some Non-image files fail to upload after 4.7.1
---------------------------+------------------------
 Reporter:  greatislander  |       Owner:  joemcgill
     Type:  defect (bug)   |      Status:  closed
 Priority:  normal         |   Milestone:  4.7.3
Component:  Upload         |     Version:  4.7.1
 Severity:  critical       |  Resolution:  fixed
 Keywords:  fixed-major    |     Focuses:
---------------------------+------------------------

Comment (by blobfolio):

 Replying to [comment:143 kosso]:
 > Yes. The .ogg extension for audio is also correct in that list in
 `functions.php`
 >
 >
 > Once thing I will point out though is that the 4.7.3 has fixed .m4a
 files for me and correctly identifies them as `audio/mp4`   But the
 description in `functions.php` has m4a as `audio/mpeg` which is incorrect.

 Just want to jump in and clarify how upload validation works as of 4.7.3,
 because it has changed a bit over the past few releases.

 The current behavior is very much like the pre-4.7.1 behaviors in that 99%
 of it is based on the file name. The type that gets saved will probably be
 whatever is associated with the file extension in
 `get_allowed_mime_types()`.

 The main difference that remains is that when possible, a file's "true"
 MIME is checked using `fileinfo`. If that "true" MIME begins with
 "application/", then the upload will only be allowed to continue if the
 "true" MIME also appears somewhere in `get_allowed_mime_types()` list
 (irrespective of extension).

 `m4a` is in `get_allowed_mime_types()` (albeit as `audio/mpeg`), so unless
 `fileinfo` returns something like "application/mp4", it will be allowed on
 through even if PHP and WordPress disagree on its type.

 The OGV troubles reported a little higher up happened because the
 incorrect "true" type being reported began "application/", and thus WP was
 requiring that "application/ogg" appear somewhere in the whitelist.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39550#comment:144>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list