WordPress.org

Make WordPress Core

Ticket #21292: 21292-3.diff

File 21292-3.diff, 5.4 KB (added by markoheijnen, 6 years ago)

Added mime type matching

  • wp-includes/functions.php

     
    15761576 * @param null $deprecated Never used. Set to null.
    15771577 * @param mixed $bits File content
    15781578 * @param string $time Optional. Time formatted in 'yyyy/mm'.
     1579 * @param array $additional_args Optional. Additional arguments.
    15791580 * @return array
    15801581 */
    1581 function wp_upload_bits( $name, $deprecated, $bits, $time = null ) {
     1582function wp_upload_bits( $name, $deprecated, $bits, $time = null, $additional_args = false ) {
    15821583        if ( !empty( $deprecated ) )
    15831584                _deprecated_argument( __FUNCTION__, '2.0' );
    15841585
     1586        $default_additional_args = array( 'validate_extension' => true, 'mimes' => false );
     1587        $additional_args = wp_parse_args( $additional_args, $default_additional_args );
     1588
    15851589        if ( empty( $name ) )
    15861590                return array( 'error' => __( 'Empty filename' ) );
    15871591
    1588         $wp_filetype = wp_check_filetype( $name );
    1589         if ( !$wp_filetype['ext'] )
    1590                 return array( 'error' => __( 'Invalid file type' ) );
    1591 
    15921592        $upload = wp_upload_dir( $time );
    15931593
    15941594        if ( $upload['error'] !== false )
    15951595                return $upload;
    15961596
    15971597        $upload_bits_error = apply_filters( 'wp_upload_bits', array( 'name' => $name, 'bits' => $bits, 'time' => $time ) );
    1598         if ( !is_array( $upload_bits_error ) ) {
     1598        if ( ! is_array( $upload_bits_error ) || isset( $upload_bits_error['error'] ) ) {
    15991599                $upload[ 'error' ] = $upload_bits_error;
    16001600                return $upload;
    16011601        }
     
    16171617        clearstatcache();
    16181618
    16191619        // Set correct file permissions
    1620         $stat = @ stat( dirname( $new_file ) );
     1620        $stat  = stat( dirname( $new_file ) );
    16211621        $perms = $stat['mode'] & 0007777;
    16221622        $perms = $perms & 0000666;
    16231623        @ chmod( $new_file, $perms );
    16241624        clearstatcache();
    16251625
     1626        // Attempt to validate the extension as being correct
     1627        if ( $additional_args['validate_extension'] ) {
     1628                $wp_filetype = wp_check_filetype_and_ext( $new_file, $name, $additional_args['mimes'] );
     1629
     1630                extract( $wp_filetype );
     1631
     1632                // This will be set if the original filename was invalid
     1633                if ( $proper_filename ) {
     1634                        $filename = wp_unique_filename( $upload['path'], $proper_filename );
     1635                        $new_file_path = $upload['path'] . "/$filename";
     1636                        rename( $new_file, $new_file_path );
     1637                        $new_file = $new_file_path;
     1638                }
     1639
     1640                if ( ( !$type || !$ext ) && !current_user_can( 'unfiltered_upload' ) ) {
     1641                        unlink( $new_file );
     1642                        return array( 'error' => __( 'Sorry, this file type is not permitted for security reasons.' ) );
     1643                }
     1644        }
     1645        else {
     1646                $type = false;
     1647        }
     1648
    16261649        // Compute the URL
    16271650        $url = $upload['url'] . "/$filename";
    16281651
    1629         return array( 'file' => $new_file, 'url' => $url, 'error' => false );
     1652        if ( is_multisite() )
     1653                delete_transient( 'dirsize_cache' );
     1654
     1655        return array( 'file' => $new_file, 'url' => $url, 'type' => $type, 'error' => false );
    16301656}
    16311657
    16321658/**
  • wp-includes/class-wp-xmlrpc-server.php

     
    45574557                }
    45584558
    45594559                $upload = wp_upload_bits($name, null, $bits);
     4560
    45604561                if ( ! empty($upload['error']) ) {
    45614562                        $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']);
    45624563                        return new IXR_Error(500, $errorString);
    45634564                }
     4565
     4566                if( $upload['type'] )
     4567                        $type = $upload['type'];
     4568
    45644569                // Construct the attachment array
    45654570                // attach to post_id 0
    45664571                $post_id = 0;
  • wp-admin/includes/ms.php

     
    1919        if ( get_site_option( 'upload_space_check_disabled' ) )
    2020                return $file;
    2121
    22         if ( $file['error'] != '0' ) // there's already an error
     22        if ( isset( $file['error'] ) && $file['error'] != '0' ) // there's already an error
    2323                return $file;
    2424
    2525        if ( defined( 'WP_IMPORTING' ) )
     
    2828        $space_allowed = 1048576 * get_space_allowed();
    2929        $space_used = get_dirsize( BLOGUPLOADDIR );
    3030        $space_left = $space_allowed - $space_used;
    31         $file_size = filesize( $file['tmp_name'] );
    32         if ( $space_left < $file_size )
     31
     32        if( 'wp_upload_bits' == current_filter() ) {
     33                if( function_exists( 'mb_strlen' ) )
     34                        $file_size = mb_strlen( $file['bits'], 'ascii');
     35                else
     36                        $file_size = strlen( $file['bits'] );
     37        }
     38        else {
     39                $file_size = filesize( $file['tmp_name'] );
     40        }
     41
     42        if( $space_left < $file_size )
    3343                $file['error'] = sprintf( __( 'Not enough space to upload. %1$s KB needed.' ), number_format( ($file_size - $space_left) /1024 ) );
    34         if ( $file_size > ( 1024 * get_site_option( 'fileupload_maxk', 1500 ) ) )
     44        if( $file_size > ( 1024 * get_site_option( 'fileupload_maxk', 1500 ) ) )
    3545                $file['error'] = sprintf(__('This file is too big. Files must be less than %1$s KB in size.'), get_site_option( 'fileupload_maxk', 1500 ) );
    36         if ( upload_is_user_over_quota( false ) ) {
     46        if( upload_is_user_over_quota( false ) ) {
    3747                $file['error'] = __( 'You have used your space quota. Please delete files before uploading.' );
    3848        }
    39         if ( $file['error'] != '0' && !isset($_POST['html-upload']) )
     49        if( 'wp_handle_upload_prefilter' == current_filter() && $file['error'] != '0' && ! isset( $_POST['html-upload'] ) )
    4050                wp_die( $file['error'] . ' <a href="javascript:history.go(-1)">' . __( 'Back' ) . '</a>' );
    4151
    4252        return $file;
    4353}
    4454add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );
     55add_filter( 'wp_upload_bits', 'check_upload_size' );
    4556
    4657/**
    4758 * Delete a blog