[wp-trac] [WordPress Trac] #50136: Files types not included in Upload file types are allowed to be uploaded because of loose file extension check
WordPress Trac
noreply at wordpress.org
Tue May 12 02:15:23 UTC 2020
#50136: Files types not included in Upload file types are allowed to be uploaded
because of loose file extension check
--------------------------+------------------------------
Reporter: Nikschavan | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: | Focuses: multisite
--------------------------+------------------------------
Comment (by dd32):
This can probably be simplified down to a singular regular expression as
used in
[https://developer.wordpress.org/reference/functions/wp_check_filetype/
wp_check_filetype()]:
{{{#!diff
Index: ms-functions.php
===================================================================
--- ms-functions.php (revision 47557)
+++ ms-functions.php (working copy)
@@ -1849,7 +1849,7 @@
$site_mimes = array();
foreach ( $site_exts as $ext ) {
foreach ( $mimes as $ext_pattern => $mime ) {
- if ( '' != $ext && false !== strpos( $ext_pattern,
$ext ) ) {
+ if ( '' != $ext && preg_match( '!^(' .
$ext_pattern . ')$!i', $ext ) ) {
$site_mimes[ $ext_pattern ] = $mime;
}
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50136#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list