From d0deb5bc6600921fc43cd4ead0f713bbee6aa6b0 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Sun, 3 Sep 2023 12:49:51 +0000
Subject: [PATCH] Upload: Correct duplicate MIME type for `.xlsx` files
 generated by Google Docs.

This expands the code block previously added for `.docx` files to include `.xlsx` files as well, which are known to have the same issue with `finfo_file()`.

Includes a unit test case for `wp_check_filetype_and_ext()`.

Reference: [https://bugs.php.net/bug.php?id=77784 PHP Bug #77784: mime_content_type() result gets doubled for .xlsx].

Follow-up to [56497].

See #57898.

git-svn-id: https://develop.svn.wordpress.org/trunk@56510 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/functions.php                 |  19 +++++++++++++++---
 .../data/uploads/double-mime-type.docx        | Bin 0 -> 6109 bytes
 tests/phpunit/tests/functions.php             |  10 +++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 tests/phpunit/data/uploads/double-mime-type.docx

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index dfe8af4335..e0c859cc8f 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -3150,9 +3150,22 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 		$real_mime = finfo_file( $finfo, $file );
 		finfo_close( $finfo );
 
-		// finfo_file() returns redudant mime type for Google docs, see #57898.
-		if ( 'application/vnd.openxmlformats-officedocument.wordprocessingml.documentapplication/vnd.openxmlformats-officedocument.wordprocessingml.document' === $real_mime ) {
-			$real_mime = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
+		$google_docs_types = array(
+			'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+			'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+		);
+
+		foreach ( $google_docs_types as $google_docs_type ) {
+			/*
+			 * finfo_file() can return duplicate mime type for Google docs,
+			 * this conditional reduces it to a single instance.
+			 *
+			 * @see https://bugs.php.net/bug.php?id=77784
+			 * @see https://core.trac.wordpress.org/ticket/57898
+			 */
+			if ( 2 === substr_count( $real_mime, $google_docs_type ) ) {
+				$real_mime = $google_docs_type;
+			}
 		}
 
 		// fileinfo often misidentifies obscure files as one of these types.
diff --git a/tests/phpunit/data/uploads/double-mime-type.docx b/tests/phpunit/data/uploads/double-mime-type.docx
new file mode 100644
index 0000000000000000000000000000000000000000..44988f24da250922c615b4affa189efabbc50c12
GIT binary patch
literal 6109
zcma)A1ymJl*FGR2eWVrXmQLxGK1fOn9_oOA96Cfe2-0w*1*E&XyE~;zx<Nuh>Id(4
zzw7n??_K|%wPwwlHT&H&d++Dn&pgTs_mJ=b_wU~a#8g<k0Q_ROx7SW@Y>nBh9jw46
zw&vDmtj<=J>ER%yR(7Dz^CnWN{TUhp3VfbjFLd4=&wEuN;acUw<CAh5yU@5sRhozo
z8Y@8yrya}d-%k{}lhz=}8xd{2en@&;UEZv!hvx?+&Qvf5bu)FZHAa40g^IXZhwu&g
zUH%{LFd0Z3LsZxZf4FzD39aTA)@GaCK>nnZ0k-1%1nrV0gqRV@N;^LId&C7P8z1e7
zW#xPXHh~zl#9ltLpJ~umstxNdj?v?nX5<~4p0t+>3V!HH-$y88@hKJt^{1bMrzE!;
zu~nF+_FwnmS7Mqkujd)R{sJ&Xfk9tiE$Hh$_JeZ2@}zG|iWzBnKG=Zw%!iCU(_RmT
zvY&ps_rXy*81<pqtJMhU>5;fe>h|S*){P*Sms`Ox5lc*7n$_sOVguquVJX`Pw%Fo`
zg5P#NZN*~08VHbsHc**(5z3ActGbQ$cMNOj%_~@($ueEbxIN42BR;+0FAF3h7M(@W
z`tE6Sgr%&2dS4Dt(gT7300<)k0LuSZrw4!5$<D;y{<cbXKg$%^Z#~0~*_mj#58OyN
zOO@j#c5u}y-YrTP5e86qR{-6`!<JWf={uvw(!>@`Gi5!(L`N_|q9RuWZ=oq2oU{rN
z`Ko0}xJ)g^`YED?qEQP&Edp?)s<1LCGmGKTy<Q_tt*!Xe5{&2Y3SgB~uw9KTZXn5%
zrh<r!5fUa7Bt8!w2dbvWy7g`H5SyJQKD%|A=c6o-IC7-&Keqd6p??T2$+2~pP0k5;
zC2;M1pNoDUc$jCylw}_s<exk{k(6c?QvsvfOLsBCqsR;;TcUCPwtXCL*(SD5!g2=B
zQu_c&WiKDk9efX^GTjV9Iq_ozE1^yBOVT37#Is-7%z9?bG9|iMP9qbL)10&%^7~+B
zEbJII#V=?gI2|8Z)tQ!NoPGG3s`okrR)-2BVP^%L2_qGJ`xv%Q@thrtE88si2+N;6
z3(Jo$?L_UyGHO1kw*dh}oqsJl{XA8NwA0-kXSbgu#!3XW>z?7dCPgwq*=&8wtNn<V
z_U&kw_#XXg5yxw<dfP|eO~y2{%}{tmP+Z2@l>-g%lk2m2EZ;%hdsd#%KfMs~Yw#SG
zoR<6?=~r3<)gE-ZmcEo|(8G2RnLZ3;A-9aiFx)wfKPAIa>3x6Fu}=xXQPD-UA}t3E
z@v6+ASk1id*H&x&B=m#V+o(`8z-~<CkZF2B&PcRH)8Z88u7^TOThovc0e~%(f9s+D
zV%_wOwY~Z)u%*e*CW`nK>uL9a0kP`$kw_ey5Kubh@}|jN?{FWVRB?+c-(fxCC)SAy
zpOWi56BJiU>7KOsR3u9r;=`@cG5?aBsFK;1Oc4P+xNGtyUqv_DxRp-I0V}%gvT8rq
z3%56;e2#U5k7jZ6*^{-X%)c#0=4josBB}kF#o~O<8hLzi#wlm5<=Y&@V?2UgJQRi}
zz<ebh2G*8mt&u5AVr-D<zIP~%vE2CB2=~dcXUEt`O+v={h(z%oWo;vG@o0|0#5AKd
zvN*|rL~g1|pt_a>YdnSlc}P2~N}dk$n<p{8n$Fqglv9d$EP|bE2O8wtOO$<Uh(Q*V
zdYL&scBHHLn0WyWa#M>D!!fw;%0!=j<_%PDNT!6_0qal>g~j?Q8CG;vX5UXW1J_bw
z@z?QGDU+#&jAZAu>1*YcmJU_l6Hw>>Am8;bDmI!eTpMb*g5_=>0iuN|_V*gIKv)~V
zYr(K2t@y&_J#e2W!d>C=eXRg4x8T?LSMcNf7yR}vmL@-;KNr1gJ<X2)q0sQu^RN*l
zizu08K8E8Er|vK|t=~k+(biJTG6O5gP5jJ8fu`{YK92nkiTt8&{p<j0$y)Fdk5h}1
zk|PzyBjl8akU|;Au8%anAAM2k&jUw?AbG3cYmw08=k~G@ZD*^Kc&&(CsPThZngSx1
z)Mlby1>wTigQ#-^*A;1!?A4feklHv`%_tT47=&7pa)WmT1}2{vYZ<0{DPj1RBKdmB
z@oILM^sL!EPFYfM^<#zFMGF#Uprt$sgkVV7V+ZvR+iB;}x{ukL=>_D?$F@D8T&?2S
z$7R7S8V~#k7aEH7_roBhVl4m8x}S&dtAy$)opQJl*7B~8GaQLM-&oQ7i+9fCx_~1B
zOZc>saj!%etN)5Vjx(K@WvsRsPD1VVW2c;@Sg#Y+>@4(>P$}Z~%ISd3R57h8sbQ8O
z0`>OCECP{sAjXy=Alx!gz2UWquTs8Vg3(t<ZUvvxZk!?GLR9U7jFlNGw#+`BjRH*J
z3Nc8_*>??&OAAsH@=wt&E9n$YmB$`egHv|E99Y;lzHOT`I6b<bRue_+sCd8=Ip#bg
z+bud>hgh$oS6MdOQxgo(kKmOG?q>}v-ex>>Wg1-pE-88$mS)ct8s$PR<^6fZa<nLW
zF{bn>Yny2W>C3#QZFUF5V}2|ZtMu2rlY)JRY;nXnMYwIHG8idRim%#3L>NLpSM#nC
z^xdBhf5#D}^kb^4*~ph+H~cK5>2Vxrk#C<E^N2PUCN=zA=fwJ+1>14X^iKN{^Mj>O
zK}mFRqjy6XG_M`8G3=><%x~cH-!uf2RD{RmTlFa2L$LKb`^=)Su$dR2^DobHx+)_#
z1^avYtOPYCQFGjYITzVUuFD0=W)7?9B@-oAb~7L0_3z>Jp;#^@gOj_xe8%4XIo86r
z`>`86%l>>f+Sd!z#fwC=2Ek2q51bRe3vR;;mZB@XCNffQ;UDTnS86RH&bfTJCubBp
z2RCRW6D`+xXKY%Vamvdf;o73y-w(*XpDu_?voOfWB)?TM%ZW4{J4lAPTC=6lUv7K7
zW^|kczU&2!2-<`*dvy0U-r;Q8xj>ES9sn?Sy9fS1hOF@$BL^!JYx_Tj>`cfE1@J>+
z(moKHI2ls1+Y?Yq6s)6Rkqg1W5o50yMtqO5!|ncK$qqX=@@YTTr-y5C<ixE%7DK~I
z15yc+@NiiqIG1C^pV%kBqu1XYxp9_;Y(>Zq2~o;ecek#M{s3k+$+wrsxp-9+gV7k{
zxu8I;7dFp!5iuu3Vi2Be)%m+5F*HP(4v0P6YI`ZW7}Cs%DH@J_4~<c!lN4NlBv}Nn
z7NGsWj2Gl2nFv$cs$iT^vQ^^{W35LSssMJJa62&dqXv?x)>rz;cfXr&R?Lo~5<Xj2
zE@80;C}JTlkGt+yU}3j0#23MMz+Ev^i*=@jQYy))igS;Nl9EqaCiZyq#e*>(p0@Nb
zN=y$uFO~`Dd`)ot;Yz6gDOi=r0QfeF2@2`b1?DAfxO&$4P{8UBkD0~@NMrf?>C2Ch
z840*$aysbB$pxku>LAgXUXMgZ4sTN3Wf=M=_i}Y1^ah6ZryNZssFs%mRldhsp{9<0
zS6HzkbTm8f((J6N>m2tA^h0$MhE;2xQV9y#N#{-~r-_a<lkkB1u(uJMh%LvPA&vAa
zSk3FJ0$?t_%}n*O4tRwWk$HmW<fEQTQbV|I2myVZmjc>%?g=GpjWM(+u8EA;%gw?}
z!t2fIS_2-cOCNle=v@!7MK&!QWP4ek-0g9>Mo4|0Fdu3|YpRCe4D2CRH`h}ghQp;c
zW<F50!Fsfbktv|yX)SuA!uPk_v#3|wz77_ZYcJh~$UWFaeBwOr+U^q}9v|QBTz-!F
zZ*BMZ&+Xm7*2L0|?bqgGy}Oei2D13c#)ky`rY1^8$>sgyLHCVyXYVl_p84ufQ-b8(
zF9ITHu#rZ6qWAq>j{1Yf<H!a5-e49xr6qOQ0%beKgv-%Ia_5#w{JLT-g!v?psih|)
zaJF$Cb7#g*eisSAmrxP!+*wEu%8<-8S`$)rHP<VO4adwso_@PYxcX$!z$C_0%q5)h
zq};2h5Cb^2aUeQXVD9=}*DQq4f4>YKZ^41QHAKb4*DYGwrApj&ftgGDkcu;NwS%c+
z>XW3i4sJ5EEm8zCTthF9-*26kasz@xJTj~47s!KpP_n_{{Mg1dAY7y}`e|a_CGuVB
z;DFrigWJR~-=g-P5sPvA#2;DvnW^AGLF^WGOq8#9Hojegpk7a)#RxK`!?RU@%2LLI
zen~m!;}c^;KwA^!;?%5qm&}pwX;8OwXHvEW#YUQDhdIjnV%0o?oHie=={~&K3r(QG
z;yGWSp5utI1QjyWzd6EgQZ07H`$bw0s=W#456ClClP}!&T^>Bz%qXbjZXjtARUBbL
zDb~b-zd}0;-R&Hf6>@ed-#84#Gw`Ph%;Mmxy2#3MEzfO1TxGd({`dz6V1W!$72kfx
zlUp9}&tFRLXOq}NOsq`Uex5n*_NQHKg*P+2j~j6&oha<zm`uIcLUIV0ES|{+k<eKC
zl9~HQO)95|jmW(vnO^opXsvnWOE78W`$`u^IGKLIJtbgCI#gKHNEXEyH;@Xd#Lmaz
zmAks$N0mE2jBNEwcBi6Qh0fTrjx$SvLoc|or^k22ZzOspR2L^ZgF4f!Kz?Nfc^+rY
zCUqGSxDSwyi}hNqnAD$Wms)K$b4C%lNPwMrm#A9MGpLH(VK|;|+IC#?E5I@_9fSc;
zB+EC!(qE_{@RG9e%sw~F1~Ba?a;U#PTX>e5v6jc6oX3ik<0r9;m~s~Q^3i()esw~y
z))VKU3X7@Ek_omM+6QV15T2TMCyX2Dh#rLr!~TX^xB^#eTj~8_9>VL5e%s$&=MvNo
zdjXS2O{!)HGdq>>0}+`hJ-&f;wLF#Mc}qOk!N`{unWIomrn3&r1-+(93#R^HSLB8G
z#kpr!f+TZ$^2qxG-<UAYuG7aNO$icV64J}{$o7v0IXP*K+opJ^>yW>Vb0e5C==K)G
zi@fNyWobFB+PFu7!TN$*+9C}8-~=$y9)yhyLjKC*RZf2%Mo$!_sx9m4MVDjc9&ecC
z_i$ykl-xkX%`0S2RJi7*clbT3%&7;jvVJQxNv;0uI<S%4J>c5)a4yi-;M0L>=gsw~
zS>x4@^oLpYUylmOZw`(Rj^2pe9Qpd9oPB7LBo#?|@Nt8VUrbO4u@w`sOF2Fm3<T$>
zS+>F2IF!sWHxkg9HsbL5iV!9!HE`x13?V8u<u1Ds_&7;&y!ZmBBa<fhO1Pfa>NA|N
zoy|OlvCPMgL1aW)`Tn3m&e4grp&p7@tq5YSrOeK%?x$Gcqu@|saPK(1&jFuHFI$>m
z*+OGImrbt4cVOqKF&6XfQM3=121fhKiTgRVKh<?o_T|F60F@X#lh80U1<Pr*2WuW^
zEp}ybgv5l@!89PMwoX)a0j=p?vZ&tBFGv0nbg{Z%Rh3hLGHkoa%1N3WDxVZLx)rRx
z>X6wLw>hAUzlzx-Ux5?qYE;I6VO~vXTIX_!5&kxWPK8!?UtEWZ=?2jIp?HeT@M88z
zq{T7U_@W1N(BVa<dV!P!Xt1DHL-1fNR5JJN^=|5oO7A>?KE}edL4~cgzjB?GNW}f3
z_K1$Ga|Q{0$=&YVLi|GeT3uekU?c5dO;J9185i&Hh}x+iXGJbu&@5d0Cdx2j!MEKq
z>_MdOC5`th$^tJ8q=61uo9}2Ei`IU4z-41xMC~GM8u=>kT%Ym?Cr8nAL%WJKCALV<
z4vWBxb6d$q%P7kdZ3+kR;D}~(A0F2F1a^AV1l8E(*!1d7`BI)Y5_1&s4e~ZGwyGhr
z_<eqfKZMQLv3f}`KdOy_@xh72Q9Kv%9V7=CZgjK*o!#Zg^fQ5DZA)92q-FUUm3ul}
zt#UJun$6KZs32Y%Pn)x2ELE&#&o+g>h7K%g*uCKAar)Fu@W3B#f!E8P*+T|0NN?l1
z+P3EU-g-`K2%*ayO&PYmmSovE9|{}xbGGR2vD6V-HhR`(y+NKtNfJnk>H73&=P=t_
z$skb)X~nTrw$5Uau$<$jCnM`&Ul@>RYJLQq*jftBmgF7%QX0K+9gx92FpPgX$3xq%
z$Ct=^xif-PTh+wSKU~r7gU)ZCOq2G~ps69T8?hc3@hk@yyos@)u2~|wt;-);*NvP!
zos58sFYp;1nQ|tl=m^PFNq>PXGblhrEr%)m(n<CNjU;WXHf;J$vduIIUB<ZTJZUOp
z>k-OT<=NMfx9P!VbXhJ@{e{^)?p91%?!p90r3kN=woC)J_eMUOy~_oCje?D^L1xvR
zEggkOzmfWhJUMki@^?<wh%l(;L;9>63uVmp*v9{&gS&quBxo^U%?v#`Sb8}(RnR=K
zcTiA4r0`{Yk8;X#F_b~14z=XzqAQo_d4Qr}6i&r6({J#LaB!FLJg%*bqOL%oQ`dc!
z8=FVt{Go(5#}RSoN~{#+^)#08idtXI;$-FYL_bxf#mpbbFYOSTftyUj?B0^CmOP6}
z03U2u?cn#s>6`Y=kJjwq!(5T0vs;(-UpV*h(vtD3BRXYz=!;)ZmqzH{pxzBuN}UvM
z=3AX$hV<XY4c_gz(UrW_32s@ifx3&0iJku4uqh7*S-0E?gF}K+^Do+lo@r<x5ngFm
z=nvh)96-wZ@jL<6vMY!NM@Gz!j14xq=&w6<p?SV8xF5h`TEd}jp&FtAYi^tVpph;@
zRG5mY0hG*YZug9wrp`X!F|C=TPm_qfr(w|_PgYJ>DvhJw;Vm9PXNtqzSvP{#N0g_$
z5Zrk>-PT0x+?MYf3rZ}81urjc+AQd3qO01D12Ccqxiso_q=XDB%&r0(tg;3TrDfop
zsoNG1E4;Y`R6lvEmRd!+nMXJH58^r=<)uzJn=>{V6{v-v_#0=<M|$^_2xhz!TYLHq
zoI4}$uG+gy?JNGZzV$WWGcV*V^-BybfjY&Z-uDvT!3N-{D-*w$WcVqXLX$QR)7Z{s
zu%kj<P0l{sYtd)Q&Rv~M{S;=n3UMl#Z|6D-(p|C<5b*(j$*{i)e|OT%-|c^kvcLQP
zD*D{XgMV4pZN#7czlw#wyZ<UZ{5|~6E#>;@{x_ZIcmH31sqO@dzbyS$%=jbxf8~nb
zoqr|9e}8u@wEsB&N`rrQ|CJoxvFE?c`<4;@jQtN>`uCN7C0}=B@-J(|{2R6W-SJl#
x-Ep(OEF0@Tukbrl`+bRDo8t~|e;G0U|A{_j1>{@c0sv^Yhs5n~h0o8x{{yl*j;a6v

literal 0
HcmV?d00001

diff --git a/tests/phpunit/tests/functions.php b/tests/phpunit/tests/functions.php
index 32fa2bd1e6..1451117b91 100644
--- a/tests/phpunit/tests/functions.php
+++ b/tests/phpunit/tests/functions.php
@@ -1643,6 +1643,16 @@ class Tests_Functions extends WP_UnitTestCase {
 							'proper_filename' => false,
 						),
 					),
+					// Google Docs file for which finfo_file() returns a duplicate mime type.
+					array(
+						DIR_TESTDATA . '/uploads/double-mime-type.docx',
+						'double-mime-type.docx',
+						array(
+							'ext'             => 'docx',
+							'type'            => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+							'proper_filename' => false,
+						),
+					),
 					// Non-image file with wrong sub-type.
 					array(
 						DIR_TESTDATA . '/uploads/pages-to-word.docx',