| 294 | // If the file claims to be an image, validate it's extension |
| 295 | if ( function_exists('getimagesize') && !empty( $wp_filetype['type'] ) && 'image/' == substr( $wp_filetype['type'], 0, 6 ) && is_uploaded_file( $file['tmp_name'] ) ) { |
| 296 | // Get the image's true MIME |
| 297 | $imgstats = @getimagesize( $file['tmp_name'] ); |
| 298 | |
| 299 | // If the real MIME doesn't match the claimed MIME |
| 300 | if ( !empty($imgstats['mime']) && $imgstats['mime'] != $wp_filetype['type'] ) { |
| 301 | // Figure out what the extension should be |
| 302 | $mime_to_ext = apply_filters( 'image_mime_to_ext', array( |
| 303 | 'image/jpeg' => 'jpg', |
| 304 | 'image/png' => 'png', |
| 305 | 'image/gif' => 'gif', |
| 306 | 'image/bmp' => 'bmp', |
| 307 | 'image/tiff' => 'tif', |
| 308 | ) ); |
| 309 | |
| 310 | // Replace whatever's after the last period in the filename with the correct extension |
| 311 | if ( !empty($mime_to_ext[$imgstats['mime']]) ) { |
| 312 | $filename_parts = explode( '.', $file['name'] ); |
| 313 | array_pop( $filename_parts ); |
| 314 | $filename_parts[] = $mime_to_ext[$imgstats['mime']]; |
| 315 | $file['name'] = implode( '.', $filename_parts ); |
| 316 | |
| 317 | // Re-validate the extension / MIME |
| 318 | $wp_filetype = wp_check_filetype( $file['name'], $mimes ); |
| 319 | } |
| 320 | } |
| 321 | } |
| 322 | |