Ticket #11122: 11122.diff
| File 11122.diff, 3.3 KB (added by ryan, 3 years ago) |
|---|
-
wp-includes/functions.php
2260 2260 * @return array Values with extension first and mime type. 2261 2261 */ 2262 2262 function wp_check_filetype( $filename, $mimes = null ) { 2263 // Accepted MIME types are set here as PCRE unless provided. 2264 $mimes = ( is_array( $mimes ) ) ? $mimes : apply_filters( 'upload_mimes', array( 2263 if ( null === $mimes ) 2264 $mimes = get_allowed_mime_types(); 2265 $type = false; 2266 $ext = false; 2267 2268 foreach ( $mimes as $ext_preg => $mime_match ) { 2269 $ext_preg = '!\.(' . $ext_preg . ')$!i'; 2270 if ( preg_match( $ext_preg, $filename, $ext_matches ) ) { 2271 $type = $mime_match; 2272 $ext = $ext_matches[1]; 2273 break; 2274 } 2275 } 2276 2277 return compact( 'ext', 'type' ); 2278 } 2279 2280 /** 2281 * Retrieve list of allowed mime types and file extensions. 2282 * 2283 * @since 2.8.6 2284 * 2285 * @return array Array of mime types keyed by the file extension regex corresponding to those types. 2286 */ 2287 function get_allowed_mime_types() { 2288 static $mimes = false; 2289 2290 if ( !$mimes ) { 2291 // Accepted MIME types are set here as PCRE unless provided. 2292 $mimes = apply_filters( 'upload_mimes', array( 2265 2293 'jpg|jpeg|jpe' => 'image/jpeg', 2266 2294 'gif' => 'image/gif', 2267 2295 'png' => 'image/png', … … 2307 2335 'odc' => 'application/vnd.oasis.opendocument.chart', 2308 2336 'odb' => 'application/vnd.oasis.opendocument.database', 2309 2337 'odf' => 'application/vnd.oasis.opendocument.formula', 2310 ) 2311 ); 2312 2313 $type = false; 2314 $ext = false; 2315 2316 foreach ( $mimes as $ext_preg => $mime_match ) { 2317 $ext_preg = '!\.(' . $ext_preg . ')$!i'; 2318 if ( preg_match( $ext_preg, $filename, $ext_matches ) ) { 2319 $type = $mime_match; 2320 $ext = $ext_matches[1]; 2321 break; 2322 } 2338 ) ); 2323 2339 } 2324 2340 2325 return compact( 'ext', 'type' );2341 return $mimes; 2326 2342 } 2327 2328 2343 /** 2329 2344 * Retrieve nonce action "Are you sure" message. 2330 2345 * -
wp-includes/formatting.php
651 651 $filename = str_replace($special_chars, '', $filename); 652 652 $filename = preg_replace('/[\s-]+/', '-', $filename); 653 653 $filename = trim($filename, '.-_'); 654 655 // Split the filename into a base and extension[s] 656 $parts = explode('.', $filename); 657 658 // Return if only one extension 659 if ( count($parts) <= 2 ) 660 return apply_filters('sanitize_file_name', $filename, $filename_raw); 661 662 // Process multiple extensions 663 $filename = array_shift($parts); 664 $extension = array_pop($parts); 665 $mimes = get_allowed_mime_types(); 666 667 // Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character 668 // long alpha string not in the extension whitelist. 669 foreach ( (array) $parts as $part) { 670 $filename .= '.' . $part; 671 672 if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) { 673 $allowed = false; 674 foreach ( $mimes as $ext_preg => $mime_match ) { 675 $ext_preg = '!(^' . $ext_preg . ')$!i'; 676 if ( preg_match( $ext_preg, $part ) ) { 677 $allowed = true; 678 break; 679 } 680 } 681 if ( !$allowed ) 682 $filename .= '_'; 683 } 684 } 685 $filename .= '.' . $extension; 686 654 687 return apply_filters('sanitize_file_name', $filename, $filename_raw); 655 688 } 656 689
