Make WordPress Core

Ticket #11946: functions.php.reject.patch

File functions.php.reject.patch, 834 bytes (added by jackreichert, 11 years ago)

If extension does not match mime type, rejects upload.

  • functions.php

     
    18941894        // We can't do any further validation without a file to work with
    18951895        if ( ! file_exists( $file ) )
    18961896                return compact( 'ext', 'type', 'proper_filename' );
     1897               
     1898        // if php supports finfo check if the extension does matches the file's real type
     1899        if (function_exists('finfo_file')) {
     1900                $finfo = finfo_open(FILEINFO_MIME_TYPE);
     1901            $mime = finfo_file($finfo, $file);
     1902            finfo_close($finfo);
    18971903
     1904                // the extension does not match the file's real type
     1905                if ($mime !== $type) {
     1906                        $type = $ext = false;
     1907                }           
     1908        }
     1909
    18981910        // We're able to validate images using GD
    18991911        if ( $type && 0 === strpos( $type, 'image/' ) && function_exists('getimagesize') ) {
    19001912