Media: Reduce failing uploads following 4.7.1.

[39831] introduced more strict MIME type checking for uploads, which resulted in unintetionally blocking several filetypes that were previously valid. This change uses a more targeted approach to MIME validation to restore previous behavior for most types. Props blobfolio, iandunn, ipstenu, markoheijnen, xknown, joemcgill. Fixes #39550, #39552. git-svn-id: https://develop.svn.wordpress.org/trunk@40124 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-05 05:04:31 +00:00 · 2017-02-25 16:07:25 +00:00
parent cfe271d254
commit 7684a241b3
5 changed files with 162 additions and 9 deletions
--- a/tests/phpunit/data/uploads/dashicons.woff
+++ b/tests/phpunit/data/uploads/dashicons.woff
--- a/tests/phpunit/data/uploads/pages-to-word.docx
+++ b/tests/phpunit/data/uploads/pages-to-word.docx
--- a/tests/phpunit/data/uploads/video-play.svg
+++ b/tests/phpunit/data/uploads/video-play.svg
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="64" height="64">
+	<circle cx="32" cy="32" r="25" stroke="white" stroke-width="7" fill="black" fill-opacity="0.2"/>
+	<polygon points="26,22 26,42 43,32" fill="white"/>
+</svg>
--- a/tests/phpunit/tests/functions.php
+++ b/tests/phpunit/tests/functions.php
@@ -914,4 +914,141 @@ class Tests_Functions extends WP_UnitTestCase {
 		$unique_uuids = array_unique( $uuids );
 		$this->assertEquals( $uuids, $unique_uuids );
 	}
+
+	/**
+	 * @ticket 39550
+	 * @dataProvider _wp_check_filetype_and_ext_data
+	 */
+	function test_wp_check_filetype_and_ext( $file, $filename, $expected ) {
+		if ( ! extension_loaded( 'fileinfo' ) ) {
+			$this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' );
+		}
+
+		$this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) );
+	}
+
+	/**
+	 * @ticket 39550
+	 */
+	function test_wp_check_filetype_and_ext_with_filtered_svg() {
+		$file = DIR_TESTDATA . '/uploads/video-play.svg';
+		$filename = 'video-play.svg';
+
+		$expected = array(
+			'ext' => 'svg',
+			'type' => 'image/svg+xml',
+			'proper_filename' => false,
+		);
+
+		add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) );
+		$this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) );
+
+		// Cleanup.
+		remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_svg' ) );
+	}
+
+	/**
+	 * @ticket 39550
+	 */
+	function test_wp_check_filetype_and_ext_with_filtered_woff() {
+		$file = DIR_TESTDATA . '/uploads/dashicons.woff';
+		$filename = 'dashicons.woff';
+
+		$expected = array(
+			'ext' => 'woff',
+			'type' => 'application/font-woff',
+			'proper_filename' => false,
+		);
+
+		add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) );
+		$this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) );
+
+		// Cleanup.
+		remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_woff' ) );
+	}
+
+	public function _filter_mime_types_svg( $mimes ) {
+		$mimes['svg'] = 'image/svg+xml';
+		return $mimes;
+	}
+
+	public function _filter_mime_types_woff( $mimes ) {
+		$mimes['woff'] = 'application/font-woff';
+		return $mimes;
+	}
+
+	public function _wp_check_filetype_and_ext_data() {
+		return array(
+			// Standard image.
+			array(
+				DIR_TESTDATA . '/images/canola.jpg',
+				'canola.jpg',
+				array(
+					'ext' => 'jpg',
+					'type' => 'image/jpeg',
+					'proper_filename' => false,
+				),
+			),
+			// Image with wrong extension.
+			array(
+				DIR_TESTDATA . '/images/test-image-mime-jpg.png',
+				'test-image-mime-jpg.png',
+				array(
+					'ext' => 'jpg',
+					'type' => 'image/jpeg',
+					'proper_filename' => 'test-image-mime-jpg.jpg',
+				),
+			),
+			// Image without extension.
+			array(
+				DIR_TESTDATA . '/images/test-image-no-extension',
+				'test-image-no-extension',
+				array(
+					'ext' => false,
+					'type' => false,
+					'proper_filename' => false,
+				),
+			),
+			// Valid non-image file with an image extension.
+			array(
+				DIR_TESTDATA . '/formatting/big5.txt',
+				'big5.jpg',
+				array(
+					'ext' => 'jpg',
+					'type' => 'image/jpeg',
+					'proper_filename' => false,
+				),
+			),
+			// Standard non-image file.
+			array(
+				DIR_TESTDATA . '/formatting/big5.txt',
+				'big5.txt',
+				array(
+					'ext' => 'txt',
+					'type' => 'text/plain',
+					'proper_filename' => false,
+				),
+			),
+			// Non-image file with wrong sub-type.
+			array(
+				DIR_TESTDATA . '/uploads/pages-to-word.docx',
+				'pages-to-word.docx',
+				array(
+					'ext' => 'docx',
+					'type' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+					'proper_filename' => false,
+				),
+			),
+			// Non-image file not allowed.
+			array(
+				DIR_TESTDATA . '/export/crazy-cdata.xml',
+				'crazy-cdata.xml',
+				array(
+					'ext' => false,
+					'type' => false,
+					'proper_filename' => false,
+				),
+			),
+		);
+	}
 }