Ticket #39550: 39550.3.diff
File 39550.3.diff, 4.4 KB (added by , 8 years ago) |
---|
-
src/wp-includes/functions.php
diff --git src/wp-includes/functions.php src/wp-includes/functions.php index 3923ca92ec2..6af3ffb99f8 100644
function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2267 2267 return compact( 'ext', 'type', 'proper_filename' ); 2268 2268 } 2269 2269 2270 $real_mime = false; 2271 2270 2272 // Validate image types. 2271 2273 if ( $type && 0 === strpos( $type, 'image/' ) ) { 2272 2274 2273 2275 // Attempt to figure out what type of image it actually is 2274 2276 $real_mime = wp_get_image_mime( $file ); 2275 2277 2276 if ( ! $real_mime ) { 2277 $type = $ext = false; 2278 } elseif ( $real_mime != $type ) { 2278 if ( $real_mime && $real_mime != $type ) { 2279 2279 /** 2280 2280 * Filters the list mapping image mime types to their respective extensions. 2281 2281 * … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2306 2306 $ext = $wp_filetype['ext']; 2307 2307 $type = $wp_filetype['type']; 2308 2308 } else { 2309 $ type = $ext= false;2309 $ext = $type = false; 2310 2310 } 2311 2311 } 2312 } elseif ( function_exists( 'finfo_file' ) ) { 2313 // Use finfo_file if available to validate non-image files. 2312 } 2313 2314 // Validate files that didn't get checked by image validation. 2315 if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) { 2314 2316 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2315 2317 $real_mime = finfo_file( $finfo, $file ); 2316 2318 finfo_close( $finfo ); 2317 2319 2318 // If the extension does not match the file's real type, return false. 2319 if ( $real_mime !== $type ) { 2320 $type = $ext = false; 2320 // If the real mime doesn't match, do some extra vetting. 2321 if ( ( $real_mime !== $type ) && ( 0 === strpos( $real_mime, 'application' ) ) ) { 2322 $allowed = get_allowed_mime_types(); 2323 2324 if ( ! in_array( $real_mime, $allowed ) ) { 2325 $type = $ext = false; 2326 } 2321 2327 } 2322 2328 } 2323 2329 -
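Review bot: Dropping the `if ( ! $real_mime ) { $type = $ext = false; }` branch makes the image check fail open. A file with an image extension that `wp_get_image_mime()` cannot identify now reaches the fileinfo block, where a mismatch is rejected only if the detected type starts with `application` and is not in the allowed list, so a `text/*` result keeps the claimed `image/*` type, and without fileinfo nothing vets it at all. The patch's own data set for `big5.txt` uploaded as `big5.jpg` expects all-false, which the visible lines do not seem to produce. I would keep a fail-closed rule for claimed images after the fileinfo block, something like `if ( $type && 0 === strpos( $type, 'image/' ) && $real_mime !== $type ) { $type = $ext = false; }`. The function starts and ends outside both hunks, so the earlier handling of `$type` is inferred.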
tests/phpunit/tests/functions.php
diff --git tests/phpunit/tests/functions.php tests/phpunit/tests/functions.php index 8932bc63f79..87d12974190 100644
class Tests_Functions extends WP_UnitTestCase { 898 898 $unique_uuids = array_unique( $uuids ); 899 899 $this->assertEquals( $uuids, $unique_uuids ); 900 900 } 901 902 /** 903 * @ticket 39550 904 * @dataProvider _wp_check_filetype_and_ext_data 905 */ 906 function test_wp_check_filetype_and_ext( $file, $filename, $expected ) { 907 if ( ! extension_loaded( 'fileinfo' ) ) { 908 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 909 } 910 911 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 912 } 913 914 public static function _wp_check_filetype_and_ext_data() { 915 return array( 916 // Standard image. 917 array( 918 DIR_TESTDATA . '/images/canola.jpg', 919 'canola.jpg', 920 array( 921 'ext' => 'jpg', 922 'type' => 'image/jpeg', 923 'proper_filename' => false, 924 ), 925 ), 926 // Image with wrong extension. 927 array( 928 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 929 'test-image-mime-jpg.png', 930 array( 931 'ext' => 'jpg', 932 'type' => 'image/jpeg', 933 'proper_filename' => 'test-image-mime-jpg.jpg', 934 ), 935 ), 936 // Image without extension. 937 array( 938 DIR_TESTDATA . '/images/test-image-no-extension', 939 'test-image-no-extension', 940 array( 941 'ext' => false, 942 'type' => false, 943 'proper_filename' => false, 944 ), 945 ), 946 // Non-image file with an image extension. 947 array( 948 DIR_TESTDATA . '/formatting/big5.txt', 949 'big5.jpg', 950 array( 951 'ext' => false, 952 'type' => false, 953 'proper_filename' => false, 954 ), 955 ), 956 // Standard non-image file. 957 array( 958 DIR_TESTDATA . '/formatting/big5.txt', 959 'big5.txt', 960 array( 961 'ext' => 'txt', 962 'type' => 'text/plain', 963 'proper_filename' => false, 964 ), 965 ), 966 // Non-image file with wrong sub-type. 967 array( 968 DIR_TESTDATA . 
'/uploads/pages-to-word.docx', 969 'pages-to-word.docx', 970 array( 971 'ext' => 'docx', 972 'type' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 973 'proper_filename' => false, 974 ), 975 ), 976 // Non-image file not allowed. 977 array( 978 DIR_TESTDATA . '/export/crazy-cdata.xml', 979 'crazy-cdata.xml', 980 array( 981 'ext' => false, 982 'type' => false, 983 'proper_filename' => false, 984 ), 985 ), 986 // Non-image file not recognized by finfo_file. 987 array( 988 DIR_TESTDATA . '/images/video-play.svg', 989 'video-play.svg', 990 array( 991 'ext' => false, 992 'type' => false, 993 'proper_filename' => false, 994 ), 995 ), 996 ); 997 } 901 998 }
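Review bot: `test_wp_check_filetype_and_ext()` is skipped as a whole when fileinfo is not loaded, so the path where only `wp_get_image_mime()` vets the upload has no coverage, even though the two real-image data sets do not need fileinfo for their expected result. I would skip only the fileinfo-dependent cases, and add a case where an allowed extension carries content that fileinfo reports as a non-allowed `application/*` type. The `crazy-cdata.xml` and `video-play.svg` cases presumably return all-false on the extension alone and never reach the new branch. The test method also lacks an explicit `public`, unlike the data provider below it.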