| | 296 | // If the file claims to be an image, validate it's extension |
| | 297 | if ( function_exists('getimagesize') && !empty( $type ) && 'image/' == substr( $type, 0, 6 ) && is_uploaded_file( $file['tmp_name'] ) ) { |
| | 298 | // Attempt to figure out what type of image it really is |
| | 299 | $imgstats = @getimagesize( $file['tmp_name'] ); |
| | 300 | |
| | 301 | // If getimagesize() knows what kind of image it really is and if the real MIME doesn't match the claimed MIME |
| | 302 | if ( !empty($imgstats['mime']) && $imgstats['mime'] != $type ) { |
| | 303 | // This is a simplified array of MIMEs that getimagesize() can detect and their extensions |
| | 304 | $mime_to_ext = apply_filters( 'getimagesize_mimes_to_exts', array( |
| | 305 | 'image/jpeg' => 'jpg', |
| | 306 | 'image/png' => 'png', |
| | 307 | 'image/gif' => 'gif', |
| | 308 | 'image/bmp' => 'bmp', |
| | 309 | 'image/tiff' => 'tif', |
| | 310 | ) ); |
| | 311 | |
| | 312 | // Replace whatever's after the last period in the filename with the correct extension |
| | 313 | if ( !empty($mime_to_ext[$imgstats['mime']]) ) { |
| | 314 | $filename_parts = explode( '.', $file['name'] ); |
| | 315 | array_pop( $filename_parts ); |
| | 316 | $filename_parts[] = $mime_to_ext[$imgstats['mime']]; |
| | 317 | $file['name'] = implode( '.', $filename_parts ); |
| | 318 | |
| | 319 | // Re-validate the extension / MIME |
| | 320 | $wp_filetype = wp_check_filetype( $file['name'], $mimes ); |
| | 321 | extract( $wp_filetype ); |
| | 322 | } |
| | 323 | } |
| | 324 | } |
| | 325 | |