Ticket #40175: 40175.3.diff
| File 40175.3.diff, 42.9 KB (added by , 7 years ago) |
|---|
-
src/wp-includes/functions.php
diff --git src/wp-includes/functions.php src/wp-includes/functions.php index b00a47c1d8..4936157fbb 100644
function wp_check_filetype( $filename, $mimes = null ) { 2474 2474 * @param string $file Full path to the file. 2475 2475 * @param string $filename The name of the file (may differ from $file due to $file being 2476 2476 * in a tmp directory). 2477 * @param array $mimesOptional. Key is the file extension with value as the mime type.2477 * @param array $mimes Optional. Key is the file extension with value as the mime type. 2478 2478 * @return array Values for the extension, MIME, and either a corrected filename or false 2479 2479 * if original $filename is valid. 2480 2480 */ 2481 2481 function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2482 $proper_filename = false; 2483 2484 // Do basic extension validation and MIME mapping 2482 // Get the extension and assumed mime type from the filename. 2485 2483 $wp_filetype = wp_check_filetype( $filename, $mimes ); 2486 2484 $ext = $wp_filetype['ext']; 2487 $ type= $wp_filetype['type'];2485 $unsafe_type = $wp_filetype['type']; 2488 2486 2489 // We can't do any further validation without a file to work with 2487 // We can't do any further validation without a file to work with. 2490 2488 if ( ! file_exists( $file ) ) { 2489 $type = $unsafe_type; 2490 $proper_filename = false; 2491 2491 return compact( 'ext', 'type', 'proper_filename' ); 2492 2492 } 2493 2493 2494 $real_mime = false; 2495 2496 // Validate image types. 2497 if ( $type && 0 === strpos( $type, 'image/' ) ) { 2498 2499 // Attempt to figure out what type of image it actually is 2500 $real_mime = wp_get_image_mime( $file ); 2501 2502 if ( $real_mime && $real_mime != $type ) { 2503 /** 2504 * Filters the list mapping image mime types to their respective extensions. 2505 * 2506 * @since 3.0.0 2507 * 2508 * @param array $mime_to_ext Array of image mime types and their matching extensions. 
2509 */ 2510 $mime_to_ext = apply_filters( 2511 'getimagesize_mimes_to_exts', 2512 array( 2513 'image/jpeg' => 'jpg', 2514 'image/png' => 'png', 2515 'image/gif' => 'gif', 2516 'image/bmp' => 'bmp', 2517 'image/tiff' => 'tif', 2518 ) 2519 ); 2520 2521 // Replace whatever is after the last period in the filename with the correct extension 2522 if ( ! empty( $mime_to_ext[ $real_mime ] ) ) { 2523 $filename_parts = explode( '.', $filename ); 2524 array_pop( $filename_parts ); 2525 $filename_parts[] = $mime_to_ext[ $real_mime ]; 2526 $new_filename = implode( '.', $filename_parts ); 2494 // Get the real mime type of the file. 2495 $type = wp_get_mime_type( $file ); 2527 2496 2528 if ( $new_filename != $filename ) { 2529 $proper_filename = $new_filename; // Mark that it changed 2530 } 2531 // Redefine the extension / MIME 2532 $wp_filetype = wp_check_filetype( $new_filename, $mimes ); 2533 $ext = $wp_filetype['ext']; 2534 $type = $wp_filetype['type']; 2535 } else { 2536 // Reset $real_mime and try validating again. 2537 $real_mime = false; 2538 } 2539 } 2497 // Maybe update the filename based on the mime type. 2498 $proper_filename = false; 2499 if ( $type != $unsafe_type ) { 2500 $proper_filename = wp_maybe_rename_file( $filename, $type ); 2540 2501 } 2541 2502 2542 // Validate files that didn't get validated during previous checks. 2543 if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) { 2544 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2545 $real_mime = finfo_file( $finfo, $file ); 2546 finfo_close( $finfo ); 2547 2548 // fileinfo often misidentifies obscure files as one of these types 2549 $nonspecific_types = array( 2550 'application/octet-stream', 2551 'application/encrypted', 2552 'application/CDFV2-encrypted', 2553 'application/zip', 2554 ); 2555 2556 /* 2557 * If $real_mime doesn't match the content type we're expecting from the file's extension, 2558 * we need to do some additional vetting. 
Media types and those listed in $nonspecific_types are 2559 * allowed some leeway, but anything else must exactly match the real content type. 2560 */ 2561 if ( in_array( $real_mime, $nonspecific_types, true ) ) { 2562 // File is a non-specific binary type. That's ok if it's a type that generally tends to be binary. 2563 if ( ! in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ) ) ) { 2564 $type = $ext = false; 2565 } 2566 } elseif ( 0 === strpos( $real_mime, 'video/' ) || 0 === strpos( $real_mime, 'audio/' ) ) { 2567 /* 2568 * For these types, only the major type must match the real value. 2569 * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip, 2570 * and some media files are commonly named with the wrong extension (.mov instead of .mp4) 2571 */ 2572 if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) { 2573 $type = $ext = false; 2574 } 2575 } elseif ( 'text/plain' === $real_mime ) { 2576 // A few common file types are occasionally detected as text/plain; allow those. 2577 if ( ! in_array( 2578 $type, 2579 array( 2580 'text/plain', 2581 'text/csv', 2582 'text/richtext', 2583 'text/tsv', 2584 'text/vtt', 2585 ) 2586 ) 2587 ) { 2588 $type = $ext = false; 2589 } 2590 } elseif ( 'text/rtf' === $real_mime ) { 2591 // Special casing for RTF files. 2592 if ( ! in_array( 2593 $type, 2594 array( 2595 'text/rtf', 2596 'text/plain', 2597 'application/rtf', 2598 ) 2599 ) 2600 ) { 2601 $type = $ext = false; 2602 } 2603 } else { 2604 if ( $type !== $real_mime ) { 2605 /* 2606 * Everything else including image/* and application/*: 2607 * If the real content type doesn't match the file extension, assume it's dangerous. 2608 */ 2609 $type = $ext = false; 2610 } 2611 } 2503 // Update the extension if the file is renamed. 
2504 if ( $proper_filename ) { 2505 $ext = pathinfo( $proper_filename, PATHINFO_EXTENSION ); 2612 2506 } 2613 2507 2614 // The mime type must be allowed 2615 if ( $type ) { 2616 $allowed = get_allowed_mime_types(); 2617 2618 if ( ! in_array( $type, $allowed ) ) { 2619 $type = $ext = false; 2620 } 2508 // Unset values for any unallowed types. 2509 if ( ! wp_is_file_type_allowed( $ext, $type ) ) { 2510 $type = $ext = false; 2621 2511 } 2622 2512 2623 2513 /** … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2635 2525 return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes ); 2636 2526 } 2637 2527 2528 /** 2529 * Determine if this extension and mime pair are safe. 2530 * 2531 * This should only return true if the extenstion and type are both supported together. 2532 * 2533 * @since X.X.X 2534 * 2535 * @param string $ext A file type extension. 2536 * @param string $type A mime type string. 2537 * @return bool Whether the extension and mime type pair is allowed. 2538 */ 2539 function wp_is_file_type_allowed( $ext, $type ) { 2540 $allowed_types = wp_get_allowed_file_types(); 2541 2542 return ( isset( $allowed_types[ $ext ] ) && in_array( $type, $allowed_types[ $ext ] ) ); 2543 } 2544 2545 /** 2546 * Fix the extension on some media filenames based on actual mime type. 2547 * 2548 * @since X.X.X 2549 * 2550 * @param string $filename The filename of the file. 2551 * @param string $type The mime type of the file. 2552 * @return string|false A corrected filename or false if the filename was unchanged. 2553 */ 2554 function wp_maybe_rename_file( $filename, $type ) { 2555 $proper_filename = false; 2556 2557 /** 2558 * Filters the list mapping image mime types to their respective extensions. 2559 * 2560 * @since 3.0.0 2561 * 2562 * @param array $mime_to_ext Array of image mime types and their matching extensions. 
2563 */ 2564 $mime_to_ext = apply_filters( 2565 'getimagesize_mimes_to_exts', 2566 array( 2567 'image/jpeg' => 'jpg', 2568 'image/png' => 'png', 2569 'image/gif' => 'gif', 2570 'image/bmp' => 'bmp', 2571 'image/tiff' => 'tif', 2572 ) 2573 ); 2574 2575 // Replace whatever is after the last period in the filename with the correct extension 2576 if ( ! empty( $mime_to_ext[ $type ] ) ) { 2577 $filename_parts = explode( '.', $filename ); 2578 array_pop( $filename_parts ); 2579 2580 // Only rename files that had an extension to begin with. 2581 if ( ! empty( $filename_parts ) ) { 2582 $filename_parts[] = $mime_to_ext[ $type ]; 2583 $new_filename = implode( '.', $filename_parts ); 2584 2585 if ( $new_filename != $filename ) { 2586 $proper_filename = $new_filename; // Mark that it changed 2587 } 2588 } 2589 } 2590 2591 return $proper_filename; 2592 } 2593 2594 /** 2595 * Return the mime type of a file. 2596 * 2597 * @since X.X.X 2598 * 2599 * @param string $file Full path to the file to be checked. 2600 * @return string The mime type value. Note that 'application/octet-stream' is a generic file. 2601 */ 2602 function wp_get_mime_type( $file ) { 2603 $mime_guessers = array( 2604 'wp_get_image_mime', 2605 'wp_get_file_mime', 2606 ); 2607 2608 /** 2609 * Filters the list of mime guesser callbacks. 2610 * 2611 * Mime guessers are called in priority order, returning the first mime type found. 2612 * When adding a guesser callback, an unknown mime type should be returned as false. 2613 * 2614 * @since X.X.X 2615 * 2616 * @param array $mime_guessers List of supported mime guessing callback functions. 2617 * @param string $file Full path to the file. 2618 */ 2619 apply_filters( 'wp_mime_guessers', $mime_guessers, $file ); 2620 2621 foreach ( $mime_guessers as $guesser ) { 2622 $mime_type = call_user_func( $guesser, $file ); 2623 2624 // Return as soon as we've found a mime type. 
2625 if ( $mime_type ) { 2626 return $mime_type; 2627 } 2628 } 2629 2630 // If no mime type was determined, return application/octet-stream. 2631 return 'application/octet-stream'; 2632 } 2633 2638 2634 /** 2639 2635 * Returns the real mime type of an image file. 2640 2636 * … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2646 2642 * @return string|false The actual mime type or false if the type cannot be determined. 2647 2643 */ 2648 2644 function wp_get_image_mime( $file ) { 2645 // Determine the filetype 2646 $ext = pathinfo( $file, PATHINFO_EXTENSION ); 2647 $type = wp_ext2type( $ext ); 2648 2649 // Bail early if this isn't a supported image file. 2650 if ( 'image' !== $type ) { 2651 return false; 2652 } 2653 2649 2654 /* 2650 2655 * Use exif_imagetype() to check the mimetype if available or fall back to 2651 2656 * getimagesize() if exif isn't avaialbe. If either function throws an Exception … … function wp_get_image_mime( $file ) { 2659 2664 $imagesize = getimagesize( $file ); 2660 2665 $mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false; 2661 2666 } else { 2667 // Mime can't be determined. 2662 2668 $mime = false; 2663 2669 } 2664 2670 } catch ( Exception $e ) { 2665 2671 $mime = false; 2666 2672 } 2667 2673 2668 return $mime; 2674 // An application/octet-stream value means the value wasn't determined. 2675 return ( 'application/octet-stream' === $mime ) ? false : $mime; 2676 } 2677 2678 /** 2679 * Returns the real mime type of a file. 2680 * 2681 * This depends on finfo_file() to determine real mime types. 2682 * 2683 * @since X.X.X 2684 * 2685 * @param string $file Full path to the file. 2686 * @return string|false The actual mime type or false if the type cannot be determined. 2687 */ 2688 function wp_get_file_mime( $file ) { 2689 // Try to validate the file if we don't have a real mime already. 2690 if ( ! 
extension_loaded( 'fileinfo' ) ) { 2691 return false; 2692 } 2693 2694 try { 2695 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2696 $mime_type = finfo_file( $finfo, $file ); 2697 finfo_close( $finfo ); 2698 } catch ( Exception $e ) { 2699 $mime_type = false; 2700 } 2701 2702 // An application/octet-stream value means the value wasn't determined. 2703 return ( 'application/octet-stream' === $mime_type ) ? false : $mime_type; 2704 } 2705 2706 /** 2707 * Get a list of extensions and relative mime types. 2708 * 2709 * @since X.X.X 2710 * 2711 * @return array A multidimensional array containing file extensions and mime types. 2712 */ 2713 function wp_get_file_types() { 2714 2715 $mime_map = array( 2716 // Image formats. 2717 'jpg' => array( 2718 'image/jpeg', 2719 'image/pjpeg', 2720 ), 2721 'jpeg' => array( 2722 'image/jpeg', 2723 'image/pjpeg', 2724 ), 2725 'jpe' => array( 2726 'image/jpeg', 2727 'image/pjpeg', 2728 ), 2729 'gif' => array( 2730 'image/gif', 2731 2732 ), 2733 'png' => array( 2734 'image/png', 2735 'image/vnd.mozilla.apng', 2736 ), 2737 'bmp' => array( 2738 'image/bmp', 2739 'image/x-bmp', 2740 'image/x-ms-bmp', 2741 ), 2742 'tiff' => array( 2743 'image/tiff', 2744 ), 2745 'tif' => array( 2746 'image/tiff', 2747 ), 2748 'ico' => array( 2749 'application/ico', 2750 'image/ico', 2751 'image/icon', 2752 'image/vnd.microsoft.icon', 2753 'image/x-ico', 2754 'image/x-icon', 2755 'text/ico', 2756 ), 2757 // Video formats. 
2758 'asf' => array( 2759 'application/vnd.ms-asf', 2760 'video/x-ms-asf', 2761 'video/x-ms-asf-plugin', 2762 'video/x-ms-wm', 2763 ), 2764 'asx' => array( 2765 'application/x-ms-asx', 2766 'application/xml', 2767 'audio/x-ms-asx', 2768 'video/x-ms-asf', 2769 'video/x-ms-wax', 2770 'video/x-ms-wmx', 2771 'video/x-ms-wvx', 2772 ), 2773 'wmv' => array( 2774 'application/vnd.ms-asf', 2775 'video/x-ms-asf', 2776 'video/x-ms-wmv', 2777 ), 2778 'wmx' => array( 2779 'application/x-ms-asx', 2780 'audio/x-ms-asx', 2781 'video/x-ms-wax', 2782 'video/x-ms-wmx', 2783 'video/x-ms-wvx', 2784 ), 2785 'wm' => array( 2786 'video/x-ms-wm', 2787 ), 2788 'avi' => array( 2789 'video/avi', 2790 'video/divx', 2791 'video/msvideo', 2792 'video/vnd.divx', 2793 'video/x-avi', 2794 'video/x-msvideo', 2795 ), 2796 'divx' => array( 2797 'video/avi', 2798 'video/divx', 2799 'video/msvideo', 2800 'video/vnd.divx', 2801 'video/x-avi', 2802 'video/x-msvideo', 2803 ), 2804 'flv' => array( 2805 'application/x-flash-video', 2806 'flv-application/octet-stream', 2807 'video/flv', 2808 'video/x-flv', 2809 ), 2810 'mov' => array( 2811 'application/quicktime', 2812 'video/quicktime', 2813 ), 2814 'qt' => array( 2815 'application/quicktime', 2816 'video/quicktime', 2817 ), 2818 'mpeg' => array( 2819 'video/mpeg', 2820 'video/mpeg-system', 2821 'video/x-mpeg', 2822 'video/x-mpeg-system', 2823 'video/x-mpeg2', 2824 ), 2825 'mpg' => array( 2826 'video/mpeg', 2827 'video/mpeg-system', 2828 'video/x-mpeg', 2829 'video/x-mpeg-system', 2830 'video/x-mpeg2', 2831 ), 2832 'mpe' => array( 2833 'video/mpeg', 2834 'video/mpeg-system', 2835 'video/x-mpeg', 2836 'video/x-mpeg-system', 2837 'video/x-mpeg2', 2838 ), 2839 'mp4' => array( 2840 'video/mp4', 2841 'video/mp4v-es', 2842 'video/quicktime', 2843 'video/vnd.objectvideo', 2844 'video/x-m4v', 2845 ), 2846 'm4v' => array( 2847 'video/mp4', 2848 'video/mp4v-es', 2849 'video/x-m4v', 2850 ), 2851 'ogv' => array( 2852 'application/ogg', 2853 'video/ogg', 2854 
'video/x-ogg', 2855 ), 2856 'webm' => array( 2857 'application/x-matroska', 2858 'video/webm', 2859 ), 2860 'mkv' => array( 2861 'application/x-matroska', 2862 'video/x-matroska', 2863 ), 2864 '3gp' => array( // Can also be audio 2865 'audio/3gpp', 2866 'audio/3gpp-encrypted', 2867 'audio/x-rn-3gpp-amr', 2868 'audio/x-rn-3gpp-amr-encrypted', 2869 'audio/x-rn-3gpp-amr-wb', 2870 'audio/x-rn-3gpp-amr-wb-encrypted', 2871 'video/3gp', 2872 'video/3gpp', 2873 'video/3gpp-encrypted', 2874 'video/mp4', 2875 ), 2876 '3gpp' => array( // Can also be audio 2877 'audio/3gpp', 2878 'audio/3gpp-encrypted', 2879 'audio/x-rn-3gpp-amr', 2880 'audio/x-rn-3gpp-amr-encrypted', 2881 'audio/x-rn-3gpp-amr-wb', 2882 'audio/x-rn-3gpp-amr-wb-encrypted', 2883 'video/3gp', 2884 'video/3gpp', 2885 'video/3gpp-encrypted', 2886 'video/mp4', 2887 ), 2888 '3g2' => array( // Can also be audio 2889 'audio/3gpp2', 2890 'video/3gpp2', 2891 'video/mp4', 2892 ), 2893 '3gp2' => array( // Can also be audio 2894 'audio/3gpp2', 2895 'video/3gpp2', 2896 'video/mp4', 2897 ), 2898 // Text formats. 
2899 'txt' => array( 2900 'text/plain', 2901 'text/prs.fallenstein.rst', 2902 'text/prs.prop.logic', 2903 ), 2904 'asc' => array( 2905 'application/pgp', 2906 'application/pgp-encrypted', 2907 'application/pgp-keys', 2908 'application/pgp-signature', 2909 'text/plain', 2910 ), 2911 'c' => array( 2912 'text/plain', 2913 'text/x-c', 2914 ), 2915 'cc' => array( 2916 'text/plain', 2917 'text/x-c', 2918 'text/x-c++src', 2919 'text/x-csrc', 2920 ), 2921 'h' => array( 2922 'text/plain', 2923 'text/x-c', 2924 ), 2925 'srt' => array( 2926 'application/x-srt', 2927 'application/x-subrip', 2928 'text/plain', 2929 ), 2930 'csv' => array( 2931 'text/csv', 2932 'text/plain', 2933 'text/x-comma-separated-values', 2934 'text/x-csv', 2935 ), 2936 'tsv' => array( 2937 'text/tab-separated-values', 2938 'text/plain', 2939 ), 2940 'ics' => array( 2941 'application/ics', 2942 'text/calendar', 2943 'text/plain', 2944 'text/x-vcalendar', 2945 ), 2946 'rtx' => array( 2947 'text/plain', 2948 'text/richtext', 2949 ), 2950 'css' => array( 2951 'text/css', 2952 'text/plain', 2953 ), 2954 'htm' => array( 2955 'application/xhtml+xml', 2956 'application/xml', 2957 'text/html', 2958 'text/plain', 2959 ), 2960 'html' => array( 2961 'application/vnd.dtg.local.html', 2962 'application/xhtml+xml', 2963 'application/xml', 2964 'text/html', 2965 'text/plain', 2966 ), 2967 'vtt' => array( 2968 'text/plain', 2969 'text/vtt', 2970 ), 2971 // Audio formats. 
2972 'mp3' => array( 2973 'audio/mp3', 2974 'audio/mpeg', 2975 'audio/x-mp3', 2976 'audio/x-mpeg', 2977 'audio/x-mpg', 2978 ), 2979 'm4a' => array( 2980 'application/quicktime', 2981 'audio/m4a', 2982 'audio/mp4', 2983 'audio/x-m4a', 2984 'audio/x-mp4a', 2985 ), 2986 'm4b' => array( 2987 'application/quicktime', 2988 'audio/mp4', 2989 'audio/x-m4a', 2990 'audio/x-m4b', 2991 'audio/x-mp4a', 2992 ), 2993 'aac' => array( 2994 'audio/aac', 2995 'audio/x-aac', 2996 'audio/x-hx-aac-adts', 2997 ), 2998 'ra' => array( 2999 'audio/vnd.m-realaudio', 3000 'audio/vnd.rn-realaudio', 3001 'audio/x-pn-realaudio', 3002 'audio/x-realaudio', 3003 ), 3004 'ram' => array( 3005 'application/ram', 3006 'audio/x-pn-realaudio', 3007 'audio/x-realaudio', 3008 ), 3009 'wav' => array( 3010 'audio/vnd.dts', 3011 'audio/vnd.wave', 3012 'audio/wav', 3013 'audio/wave', 3014 'audio/x-wav', 3015 ), 3016 'ogg' => array( // Can also be video. 3017 'application/ogg', 3018 'application/x-ogg', 3019 'audio/ogg', 3020 'audio/vorbis', 3021 'audio/x-flac+ogg', 3022 'audio/x-ogg', 3023 'audio/x-oggflac', 3024 'audio/x-speex+ogg', 3025 'audio/x-vorbis', 3026 'audio/x-vorbis+ogg', 3027 'video/ogg', 3028 'video/x-ogg', 3029 'video/x-theora', 3030 'video/x-theora+ogg', 3031 ), 3032 'oga' => array( 3033 'application/ogg', 3034 'audio/ogg', 3035 'audio/vorbis', 3036 'audio/x-flac+ogg', 3037 'audio/x-ogg', 3038 'audio/x-oggflac', 3039 'audio/x-speex+ogg', 3040 'audio/x-vorbis', 3041 'audio/x-vorbis+ogg', 3042 ), 3043 'flac' => array( 3044 'audio/flac', 3045 'audio/x-flac', 3046 ), 3047 'mid' => array( 3048 'audio/midi', 3049 'audio/sp-midi', 3050 'audio/x-midi', 3051 ), 3052 'midi' => array( 3053 'audio/midi', 3054 'audio/x-midi', 3055 ), 3056 'wma' => array( 3057 'application/vnd.ms-asf', 3058 'audio/wma', 3059 'audio/x-ms-wma', 3060 'video/x-ms-asf', 3061 ), 3062 'wax' => array( 3063 'application/x-ms-asx', 3064 'audio/x-ms-asx', 3065 'audio/x-ms-wax', 3066 'video/x-ms-wax', 3067 'video/x-ms-wmx', 3068 
'video/x-ms-wvx', 3069 ), 3070 'mka' => array( 3071 'application/x-matroska', 3072 'audio/x-matroska', 3073 ), 3074 // Misc application formats. 3075 'rtf' => array( 3076 'application/rtf', 3077 'text/plain', 3078 'text/rtf', 3079 ), 3080 'js' => array( 3081 'application/ecmascript', 3082 'application/javascript', 3083 'application/node', 3084 'application/x-javascript', 3085 'text/javascript', 3086 'text/plain', 3087 ), 3088 'pdf' => array( 3089 'application/acrobat', 3090 'application/nappdf', 3091 'application/pdf', 3092 'application/x-pdf', 3093 'image/pdf', 3094 ), 3095 'swf' => array( 3096 'application/futuresplash', 3097 'application/vnd.adobe.flash.movie', 3098 'application/x-shockwave-flash', 3099 ), 3100 'class' => array( 3101 'application/java', 3102 'application/java-byte-code', 3103 'application/java-vm', 3104 'application/vnd.dvb.dvbj', 3105 'application/x-java', 3106 'application/x-java-class', 3107 'application/x-java-vm', 3108 ), 3109 'tar' => array( 3110 'application/x-gtar', 3111 'application/x-tar', 3112 ), 3113 'zip' => array( 3114 'application/vnd.easykaraoke.cdgdownload', 3115 'application/vnd.gov.sk.e-form+zip', 3116 'application/x-zip', 3117 'application/x-zip-compressed', 3118 'application/zip', 3119 ), 3120 'gz' => array( 3121 'application/gzip', 3122 'application/gzip-compressed', 3123 'application/gzipped', 3124 'application/x-gunzip', 3125 'application/x-gzip', 3126 'application/x-gzip-compressed', 3127 'gzip/document', 3128 ), 3129 'gzip' => array( 3130 'application/gzip', 3131 'application/gzip-compressed', 3132 'application/gzipped', 3133 'application/x-gunzip', 3134 'application/x-gzip', 3135 'application/x-gzip-compressed', 3136 'gzip/document', 3137 ), 3138 'rar' => array( 3139 'application/vnd.rar', 3140 'application/x-rar', 3141 'application/x-rar-compressed', 3142 ), 3143 '7z' => array( 3144 'application/x-7z-compressed', 3145 ), 3146 'exe' => array( 3147 'application/octet-stream', 3148 'application/x-dosexec', 3149 
'application/x-ms-dos-executable', 3150 'application/x-msdownload', 3151 ), 3152 'psd' => array( 3153 'application/photoshop', 3154 'application/x-photoshop', 3155 'image/photoshop', 3156 'image/psd', 3157 'image/vnd.adobe.photoshop', 3158 'image/x-photoshop', 3159 'image/x-psd', 3160 ), 3161 'xcf' => array( 3162 'image/x-xcf', 3163 'image/xcf', 3164 ), 3165 // MS Office formats. 3166 'doc' => array( 3167 'application/msword', 3168 'application/vnd.ms-office', 3169 'application/vnd.ms-word', 3170 'application/x-msword', 3171 'application/x-ole-storage', 3172 'application/xml', 3173 'zz-application/zz-winassoc-doc', 3174 ), 3175 'pot' => array( 3176 'application/mspowerpoint', 3177 'application/powerpoint', 3178 'application/vnd.ms-office', 3179 'application/vnd.ms-powerpoint', 3180 'application/x-mspowerpoint', 3181 'text/plain', 3182 'text/x-gettext-translation-template', 3183 'text/x-pot', 3184 ), 3185 'pps' => array( 3186 'application/mspowerpoint', 3187 'application/powerpoint', 3188 'application/vnd.ms-office', 3189 'application/vnd.ms-powerpoint', 3190 'application/x-mspowerpoint', 3191 ), 3192 'ppt' => array( 3193 'application/mspowerpoint', 3194 'application/powerpoint', 3195 'application/vnd.ms-office', 3196 'application/vnd.ms-powerpoint', 3197 'application/x-mspowerpoint', 3198 ), 3199 'wri' => array( 3200 'application/vnd.ms-write', 3201 'application/x-mswrite', 3202 ), 3203 'xla' => array( 3204 'application/msexcel', 3205 'application/vnd.ms-excel', 3206 'application/vnd.ms-office', 3207 'application/x-msexcel', 3208 'application/xml', 3209 'zz-application/zz-winassoc-xls', 3210 ), 3211 'xls' => array( 3212 'application/msexcel', 3213 'application/vnd.ms-excel', 3214 'application/vnd.ms-office', 3215 'application/x-msexcel', 3216 'application/xml', 3217 'zz-application/zz-winassoc-xls', 3218 ), 3219 'xlt' => array( 3220 'application/msexcel', 3221 'application/vnd.ms-excel', 3222 'application/vnd.ms-office', 3223 'application/x-msexcel', 3224 
'application/xml', 3225 'zz-application/zz-winassoc-xls', 3226 ), 3227 'xlw' => array( 3228 'application/msexcel', 3229 'application/vnd.ms-excel', 3230 'application/vnd.ms-office', 3231 'application/x-msexcel', 3232 'application/xml', 3233 'zz-application/zz-winassoc-xls', 3234 ), 3235 'mdb' => array( 3236 'application/mdb', 3237 'application/msaccess', 3238 'application/vnd.ms-access', 3239 'application/vnd.msaccess', 3240 'application/x-mdb', 3241 'application/x-msaccess', 3242 'zz-application/zz-winassoc-mdb', 3243 ), 3244 'mpp' => array( 3245 'application/vnd.ms-project', 3246 'audio/x-musepack', 3247 ), 3248 'docx' => array( 3249 'application/vnd.ms-office', 3250 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 3251 'application/zip', 3252 ), 3253 'docm' => array( 3254 'application/vnd.ms-office', 3255 'application/vnd.ms-word.document.macroenabled.12', 3256 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 3257 'application/xml', 3258 ), 3259 'dotx' => array( 3260 'application/vnd.ms-office', 3261 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 3262 'application/zip', 3263 ), 3264 'dotm' => array( 3265 'application/vnd.ms-office', 3266 'application/vnd.ms-word.template.macroenabled.12', 3267 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 3268 'application/xml', 3269 ), 3270 'xlsx' => array( 3271 'application/vnd.ms-office', 3272 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3273 'application/zip', 3274 ), 3275 'xlsm' => array( 3276 'application/vnd.ms-excel.sheet.macroenabled.12', 3277 'application/vnd.ms-office', 3278 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3279 'application/zip', 3280 ), 3281 'xlsb' => array( 3282 'application/vnd.ms-excel.sheet.binary.macroenabled.12', 3283 'application/vnd.ms-office', 3284 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3285 'application/xml', 
3286 ), 3287 'xltx' => array( 3288 'application/vnd.ms-office', 3289 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3290 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 3291 'application/zip', 3292 ), 3293 'xltm' => array( 3294 'application/vnd.ms-excel.template.macroenabled.12', 3295 'application/vnd.ms-office', 3296 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 3297 'application/xml', 3298 ), 3299 'xlam' => array( 3300 'application/vnd.ms-excel.addin.macroenabled.12', 3301 'application/vnd.ms-office', 3302 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3303 'application/xml', 3304 ), 3305 'pptx' => array( 3306 'application/vnd.ms-office', 3307 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 3308 'application/zip', 3309 ), 3310 'pptm' => array( 3311 'application/vnd.ms-office', 3312 'application/vnd.ms-powerpoint.presentation.macroenabled.12', 3313 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 3314 ), 3315 'ppsx' => array( 3316 'application/vnd.ms-office', 3317 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 3318 'application/zip', 3319 ), 3320 'ppsm' => array( 3321 'application/vnd.ms-office', 3322 'application/vnd.ms-powerpoint.slideshow.macroenabled.12', 3323 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 3324 ), 3325 'potx' => array( 3326 'application/vnd.ms-office', 3327 'application/vnd.openxmlformats-officedocument.presentationml.template', 3328 'application/zip', 3329 ), 3330 'potm' => array( 3331 'application/vnd.ms-office', 3332 'application/vnd.ms-powerpoint.template.macroenabled.12', 3333 'application/vnd.openxmlformats-officedocument.presentationml.template', 3334 ), 3335 'ppam' => array( 3336 'application/vnd.ms-office', 3337 'application/vnd.ms-powerpoint.addin.macroenabled.12', 3338 ), 3339 'sldx' => array( 3340 'application/vnd.ms-office', 3341 
'application/vnd.openxmlformats-officedocument.presentationml.slide', 3342 'application/zip', 3343 ), 3344 'sldm' => array( 3345 'application/vnd.ms-office', 3346 'application/vnd.ms-powerpoint.slide.macroenabled.12', 3347 'application/vnd.openxmlformats-officedocument.presentationml.slide', 3348 ), 3349 'onetoc' => array( 3350 'application/onenote', 3351 'application/onenoteformatonetoc2', 3352 ), 3353 'onetoc2' => array( 3354 'application/onenote', 3355 'application/onenoteformatonetoc2', 3356 ), 3357 'onetmp' => array( 3358 'application/msonenote', 3359 'application/onenote', 3360 ), 3361 'onepkg' => array( 3362 'application/onenote', 3363 'application/onenoteformatpackage', 3364 'application/vnd.ms-cab-compressed', 3365 ), 3366 'oxps' => array( 3367 'application/oxps', 3368 'application/vnd.ms-xpsdocument', 3369 'application/xps', 3370 'application/zip', 3371 ), 3372 'xps' => array( 3373 'application/oxps', 3374 'application/vnd.ms-xpsdocument', 3375 'application/xps', 3376 'application/zip', 3377 ), 3378 // OpenOffice formats. 
3379 'odt' => array( 3380 'application/vnd.oasis.opendocument.text', 3381 'application/x-vnd.oasis.opendocument.text', 3382 'application/zip', 3383 ), 3384 'odp' => array( 3385 'application/vnd.oasis.opendocument.presentation', 3386 'application/x-vnd.oasis.opendocument.presentation', 3387 'application/zip', 3388 ), 3389 'ods' => array( 3390 'application/vnd.oasis.opendocument.spreadsheet', 3391 'application/x-vnd.oasis.opendocument.spreadsheet', 3392 'application/zip', 3393 ), 3394 'odg' => array( 3395 'application/vnd.oasis.opendocument.graphics', 3396 'application/x-vnd.oasis.opendocument.graphics', 3397 'application/zip', 3398 ), 3399 'odc' => array( 3400 'application/vnd.oasis.opendocument.chart', 3401 'application/x-vnd.oasis.opendocument.chart', 3402 'application/zip', 3403 ), 3404 'odb' => array( 3405 'application/vnd.oasis.opendocument.base', 3406 'application/vnd.oasis.opendocument.database', 3407 'application/vnd.sun.xml.base', 3408 'application/zip', 3409 ), 3410 'odf' => array( 3411 'application/vnd.oasis.opendocument.formula', 3412 'application/x-vnd.oasis.opendocument.formula', 3413 'application/zip', 3414 ), 3415 // WordPerfect formats. 3416 'wp' => array( 3417 'application/vnd.wordperfect', 3418 'application/wordperfect', 3419 'application/x-wordperfect', 3420 ), 3421 'wpd' => array( 3422 'application/vnd.wordperfect', 3423 'application/wordperfect', 3424 'application/x-wordperfect', 3425 ), 3426 // iWork formats. 3427 'key' => array( 3428 'application/vnd.apple.iwork', 3429 'application/vnd.apple.keynote', 3430 'application/x-iwork-keynote-sffkey', 3431 'application/zip', 3432 ), 3433 'numbers' => array( 3434 'application/vnd.apple.iwork', 3435 'application/vnd.apple.numbers', 3436 ), 3437 'pages' => array( 3438 'application/vnd.apple.iwork', 3439 'application/vnd.apple.pages', 3440 ), 3441 ); 3442 3443 // Backwards compatibility for plugins/themes adding mime types. 
3444 $extra_mimes = array(); 3445 3446 // Handle code filtering the old mime type list. 3447 if ( has_filter( 'mime_types' ) ) { 3448 /** 3449 * Documented in wp_get_mime_types(); 3450 * 3451 * Used to get the return value of anything added via the filter. 3452 */ 3453 $extra_mimes = apply_filters( 'mime_types', $extra_mimes ); 3454 } 3455 3456 // Many plugins add mimes via the 'upload_mimes' filter. 3457 if ( has_filter( 'upload_mimes' ) ) { 3458 /** 3459 * Documented in get_allowed_mime_types(); 3460 * 3461 * Used to get the return value of anything added via the filter. 3462 */ 3463 $extra_mimes = apply_filters( 'upload_mimes', $extra_mimes, null ); 3464 } 3465 3466 /* 3467 * Loop through any extra mimes added via filters and convert them 3468 * to the new multidimentional array format. 3469 */ 3470 foreach ( $extra_mimes as $ext_preg => $mime_val ) { 3471 // Convert any regex patterns to an array of extensions. 3472 $extensions = explode( '|', $ext_preg ); 3473 3474 // Add extra mimes to the extension, whether it exists or not. 3475 foreach ( $extensions as $ext ) { 3476 $mime_map[ $ext ][] = $mime_val; 3477 } 3478 } 3479 3480 /** 3481 * Filters the list of file extensions and mime types. 3482 * 3483 * This filter should be used to add, not remove, mime types. To remove 3484 * mime types, use the {@see 'wp_allowed_mimes'} filter. 3485 * 3486 * @since X.X.X 3487 * 3488 * @param array $mime_map File extensions and their corresponding mime types. 3489 * 3490 */ 3491 return apply_filters( 'wp_mimes', $mime_map ); 2669 3492 } 2670 3493 2671 3494 /** … … function wp_get_image_mime( $file ) { 2673 3496 * 2674 3497 * @since 3.5.0 2675 3498 * @since 4.2.0 Support was added for GIMP (xcf) files. 3499 * @deprecated X.X.X Use wp_get_file_types() 3500 * @see wp_get_file_types() 3501 2676 3502 * 2677 3503 * @return array Array of mime types keyed by the file extension regex corresponding to those types. 
2678 3504 */ 2679 3505 function wp_get_mime_types() { 3506 // _deprecated_function( __FUNCTION__, 'X.X.X', 'wp_get_file_types()' ); 3507 2680 3508 /** 2681 3509 * Filters the list of mime types and file extensions. 2682 3510 * … … function wp_get_ext_types() { 2831 3659 ); 2832 3660 } 2833 3661 3662 /** 3663 * Retrieve list of allowed file types and corresponding mime types. 3664 * 3665 * @since X.X.X 3666 * 3667 * @param int|WP_User $user Optional. User to check. Defaults to current user. 3668 * @return array Array of mime types keyed by the file extension regex corresponding 3669 * to those types. 3670 */ 3671 function wp_get_allowed_file_types( $user = null ) { 3672 $mimes = wp_get_file_types(); 3673 3674 // Flash and executables are never allowed. 3675 unset( $mimes['swf'], $mimes['exe'] ); 3676 3677 // See if the user has unfiltered_html capabilities. 3678 $unfiltered_html = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); 3679 3680 // Apply extension restrictions for users without 'unfiltered_html' caps. 3681 if ( ! $unfiltered_html ) { 3682 unset( $mimes['htm'], $mimes['html'], $mimes['js'] ); 3683 } 3684 3685 /** 3686 * Filters list of allowed mime types and file extensions. 3687 * 3688 * @since X.X.X 3689 * 3690 * @param array $mimes List of allowed file types by extension and corresponding mime 3691 * types that are supported for each extension. Note that 'swf' 3692 * and 'exe' are never supported. 'htm', 'html', and 'js' are only 3693 * supported for users with unfiltered_html capabilities. 3694 * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user). 3695 */ 3696 return apply_filters( 'wp_allowed_file_types', $mimes, $user ); 3697 } 3698 2834 3699 /** 2835 3700 * Retrieve list of allowed mime types and file extensions. 2836 3701 * … … function wp_get_ext_types() { 2841 3706 * to those types. 
2842 3707 */ 2843 3708 function get_allowed_mime_types( $user = null ) { 3709 // _deprecated_function( __FUNCTION__, 'X.X.X', 'wp_get_allowed_file_types()' ); 3710 2844 3711 $t = wp_get_mime_types(); 2845 3712 2846 3713 unset( $t['swf'], $t['exe'] ); -
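Review bot: In `wp_get_file_types()`, the compatibility block passes `upload_mimes` and `mime_types` callbacks an empty array (and a `null` user) and only appends what they return, so a callback that restricts uploads by unsetting extensions or by checking the user argument no longer removes anything from the map that `wp_is_file_type_allowed()` consults. Run those filters against a legacy-shaped copy of the defaults and drop from `$mime_map` any extension a callback removed, so existing hardening keeps working. In `wp_get_mime_type()` the return value of `apply_filters( 'wp_mime_guessers', ... )` is discarded, so the filter has no effect; it should read `$mime_guessers = apply_filters( 'wp_mime_guessers', $mime_guessers, $file );`. The new early return in `wp_get_image_mime()` gates content sniffing on the extension of `$file`, which the `wp_check_filetype_and_ext()` docblock says may be a tmp path, so image detection is probably skipped for fresh uploads and decided by a name rather than by content; dropping that gate and letting `exif_imagetype()`/`getimagesize()` decide would avoid this.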
tests/phpunit/tests/functions.php
diff --git tests/phpunit/tests/functions.php tests/phpunit/tests/functions.php index dd908dfcf7..24f3b11b0a 100644
class Tests_Functions extends WP_UnitTestCase { 1159 1159 1160 1160 /** 1161 1161 * @ticket 39550 1162 * @dataProvider _wp_check_filetype_and_ext_data 1162 * @dataProvider _wp_check_filetype_and_ext_data_allowed 1163 1163 */ 1164 function test_wp_check_filetype_and_ext ( $file, $filename, $expected ) {1164 function test_wp_check_filetype_and_ext_allowed( $file, $filename, $expected ) { 1165 1165 if ( ! extension_loaded( 'fileinfo' ) ) { 1166 1166 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1167 1167 } 1168 1168 1169 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1170 } 1171 1172 /** 1173 * @ticket 39550 1174 * @group ms-excluded 1175 */ 1176 function test_wp_check_filetype_and_ext_with_filtered_svg() { 1177 if ( ! extension_loaded( 'fileinfo' ) ) { 1178 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1179 } 1180 1181 $file = DIR_TESTDATA . '/uploads/video-play.svg'; 1182 $filename = 'video-play.svg'; 1183 1184 $expected = array( 1185 'ext' => 'svg', 1186 'type' => 'image/svg+xml', 1187 'proper_filename' => false, 1188 ); 1189 1190 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1191 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1192 1193 // Cleanup. 1194 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_svg' ) ); 1195 } 1196 1197 /** 1198 * @ticket 39550 1199 * @group ms-excluded 1200 */ 1201 function test_wp_check_filetype_and_ext_with_filtered_woff() { 1202 if ( ! extension_loaded( 'fileinfo' ) ) { 1203 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1204 } 1205 1206 $file = DIR_TESTDATA . 
'/uploads/dashicons.woff'; 1207 $filename = 'dashicons.woff'; 1208 1209 $expected = array( 1210 'ext' => 'woff', 1211 'type' => 'application/font-woff', 1212 'proper_filename' => false, 1213 ); 1169 $wp_check_file = wp_check_filetype_and_ext( $file, $filename ); 1170 $types = wp_get_file_types(); 1214 1171 1215 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1216 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1172 // Check that the extension and proper_filename are what we expect. 1173 $this->assertEquals( $expected['ext'], $wp_check_file['ext'], 'Extension does not match.' ); 1174 $this->assertEquals( $expected['proper_filename'], $wp_check_file['proper_filename'], 'File not named correctly.' ); 1217 1175 1218 // Cleanup. 1219 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_woff' ) ); 1220 } 1221 1222 public function _filter_mime_types_svg( $mimes ) { 1223 $mimes['svg'] = 'image/svg+xml'; 1224 return $mimes; 1225 } 1226 1227 public function _filter_mime_types_woff( $mimes ) { 1228 $mimes['woff'] = 'application/font-woff'; 1229 return $mimes; 1176 // Test that the actual file type is in the list of expected file types for that extension. 1177 $this->assertTrue( in_array( $wp_check_file['type'], $types[ $expected['ext'] ], true ), 'This filetype is not allowed.' ); 1230 1178 } 1231 1179 1232 /** 1233 * Data provider for test_wp_get_image_mime(); 1234 */ 1235 public function _wp_get_image_mime() { 1236 $data = array( 1237 // Standard JPEG. 1238 array( 1239 DIR_TESTDATA . '/images/test-image.jpg', 1240 'image/jpeg', 1241 ), 1242 // Standard GIF. 1243 array( 1244 DIR_TESTDATA . '/images/test-image.gif', 1245 'image/gif', 1246 ), 1247 // Standard PNG. 1248 array( 1249 DIR_TESTDATA . '/images/test-image.png', 1250 'image/png', 1251 ), 1252 // Image with wrong extension. 1253 array( 1254 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 1255 'image/jpeg', 1256 ), 1257 // Not an image. 
1258 array( 1259 DIR_TESTDATA . '/uploads/dashicons.woff', 1260 false, 1261 ), 1262 ); 1263 1264 return $data; 1265 } 1266 1267 public function _wp_check_filetype_and_ext_data() { 1180 public function _wp_check_filetype_and_ext_data_allowed() { 1268 1181 $data = array( 1269 1182 // Standard image. 1270 1183 array( … … class Tests_Functions extends WP_UnitTestCase { 1286 1199 'proper_filename' => 'test-image-mime-jpg.jpg', 1287 1200 ), 1288 1201 ), 1289 // Image without extension. 1290 array( 1291 DIR_TESTDATA . '/images/test-image-no-extension', 1292 'test-image-no-extension', 1293 array( 1294 'ext' => false, 1295 'type' => false, 1296 'proper_filename' => false, 1297 ), 1298 ), 1299 // Valid non-image file with an image extension. 1202 // Assorted text/* sample files 1300 1203 array( 1301 DIR_TESTDATA . '/ formatting/big5.txt',1302 ' big5.jpg',1204 DIR_TESTDATA . '/uploads/test.vtt', 1205 'test.vtt', 1303 1206 array( 1304 'ext' => false,1305 'type' => false,1207 'ext' => 'vtt', 1208 'type' => 'text/vtt', 1306 1209 'proper_filename' => false, 1307 1210 ), 1308 1211 ), 1309 // Non-image file not allowed.1310 1212 array( 1311 DIR_TESTDATA . '/ export/crazy-cdata.xml',1312 ' crazy-cdata.xml',1213 DIR_TESTDATA . '/uploads/test.csv', 1214 'test.csv', 1313 1215 array( 1314 'ext' => false, 1315 'type' => false, 1316 'proper_filename' => false, 1317 ), 1318 ), 1319 // Non-image file not allowed even if it's named like one. 1320 array( 1321 DIR_TESTDATA . '/export/crazy-cdata.xml', 1322 'crazy-cdata.jpg', 1323 array( 1324 'ext' => false, 1325 'type' => false, 1326 'proper_filename' => false, 1327 ), 1328 ), 1329 // Non-image file not allowed if it's named like something else. 1330 array( 1331 DIR_TESTDATA . '/export/crazy-cdata.xml', 1332 'crazy-cdata.doc', 1333 array( 1334 'ext' => false, 1335 'type' => false, 1336 'proper_filename' => false, 1337 ), 1338 ), 1339 // Non-image file not allowed even if it's named like one. 1340 array( 1341 DIR_TESTDATA . 
'/export/crazy-cdata.xml', 1342 'crazy-cdata.jpg', 1343 array( 1344 'ext' => false, 1345 'type' => false, 1346 'proper_filename' => false, 1347 ), 1348 ), 1349 // Non-image file not allowed if it's named like something else. 1350 array( 1351 DIR_TESTDATA . '/export/crazy-cdata.xml', 1352 'crazy-cdata.doc', 1353 array( 1354 'ext' => false, 1355 'type' => false, 1216 'ext' => 'csv', 1217 'type' => 'text/csv', 1356 1218 'proper_filename' => false, 1357 1219 ), 1358 1220 ), … … class Tests_Functions extends WP_UnitTestCase { 1429 1291 return $data; 1430 1292 } 1431 1293 1294 /** 1295 * @ticket 39550 1296 * @dataProvider _wp_check_filetype_and_ext_data_unallowed 1297 */ 1298 function test_wp_check_filetype_and_ext_unallowed( $file, $filename ) { 1299 if ( ! extension_loaded( 'fileinfo' ) ) { 1300 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1301 } 1302 1303 $expected = array( 1304 'ext' => false, 1305 'type' => false, 1306 'proper_filename' => false, 1307 ); 1308 1309 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1310 } 1311 1312 public function _wp_check_filetype_and_ext_data_unallowed() { 1313 $data = array( 1314 // Image without extension. 1315 array( 1316 DIR_TESTDATA . '/images/test-image-no-extension', 1317 'test-image-no-extension', 1318 ), 1319 // Valid non-image file with an image extension. 1320 array( 1321 DIR_TESTDATA . '/formatting/big5.txt', 1322 'big5.jpg', 1323 ), 1324 // DFXP files removed in WordPress 5.1.0 1325 array( 1326 DIR_TESTDATA . '/uploads/test.dfxp', 1327 'test.dfxp', 1328 ), 1329 // Non-image file not allowed. 1330 array( 1331 DIR_TESTDATA . '/export/crazy-cdata.xml', 1332 'crazy-cdata.xml', 1333 ), 1334 // Non-image file not allowed even if it's named like one. 1335 array( 1336 DIR_TESTDATA . '/export/crazy-cdata.xml', 1337 'crazy-cdata.jpg', 1338 ), 1339 // Non-image file not allowed if it's named like something else. 1340 array( 1341 DIR_TESTDATA . 
'/export/crazy-cdata.xml', 1342 'crazy-cdata.doc', 1343 ), 1344 // Non-image file not allowed even if it's named like one. 1345 array( 1346 DIR_TESTDATA . '/export/crazy-cdata.xml', 1347 'crazy-cdata.jpg', 1348 ), 1349 // Non-image file not allowed if it's named like something else. 1350 array( 1351 DIR_TESTDATA . '/export/crazy-cdata.xml', 1352 'crazy-cdata.doc', 1353 ), 1354 // Non-image file not allowed even if it's named like one. 1355 array( 1356 DIR_TESTDATA . '/export/crazy-cdata.xml', 1357 'crazy-cdata.jpg', 1358 ), 1359 // Non-image file not allowed if it's named like something else. 1360 array( 1361 DIR_TESTDATA . '/export/crazy-cdata.xml', 1362 'crazy-cdata.doc', 1363 ), 1364 ); 1365 1366 return $data; 1367 } 1368 1369 /** 1370 * @ticket 39550 1371 * @group ms-excluded 1372 */ 1373 function test_wp_check_filetype_and_ext_with_filtered_svg() { 1374 if ( ! extension_loaded( 'fileinfo' ) ) { 1375 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1376 } 1377 1378 $file = DIR_TESTDATA . '/uploads/video-play.svg'; 1379 $filename = 'video-play.svg'; 1380 1381 $expected = array( 1382 'ext' => 'svg', 1383 'type' => 'image/svg+xml', 1384 'proper_filename' => false, 1385 ); 1386 1387 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1388 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1389 1390 // Cleanup. 1391 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_svg' ) ); 1392 } 1393 1394 /** 1395 * @ticket 39550 1396 * @group ms-excluded 1397 */ 1398 function test_wp_check_filetype_and_ext_with_filtered_woff() { 1399 if ( ! extension_loaded( 'fileinfo' ) ) { 1400 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1401 } 1402 1403 $file = DIR_TESTDATA . 
'/uploads/dashicons.woff'; 1404 $filename = 'dashicons.woff'; 1405 1406 $expected = array( 1407 'ext' => 'woff', 1408 'type' => 'application/font-woff', 1409 'proper_filename' => false, 1410 ); 1411 1412 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1413 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1414 1415 // Cleanup. 1416 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_woff' ) ); 1417 } 1418 1419 public function _filter_mime_types_svg( $mimes ) { 1420 $mimes['svg'] = 'image/svg+xml'; 1421 return $mimes; 1422 } 1423 1424 public function _filter_mime_types_woff( $mimes ) { 1425 $mimes['woff'] = 'application/font-woff'; 1426 return $mimes; 1427 } 1428 1429 /** 1430 * Data provider for test_wp_get_image_mime(); 1431 */ 1432 public function _wp_get_image_mime() { 1433 $data = array( 1434 // Standard JPEG. 1435 array( 1436 DIR_TESTDATA . '/images/test-image.jpg', 1437 'image/jpeg', 1438 ), 1439 // Standard GIF. 1440 array( 1441 DIR_TESTDATA . '/images/test-image.gif', 1442 'image/gif', 1443 ), 1444 // Standard PNG. 1445 array( 1446 DIR_TESTDATA . '/images/test-image.png', 1447 'image/png', 1448 ), 1449 // Image with wrong extension. 1450 array( 1451 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 1452 'image/jpeg', 1453 ), 1454 // Not an image. 1455 array( 1456 DIR_TESTDATA . '/uploads/dashicons.woff', 1457 false, 1458 ), 1459 ); 1460 1461 return $data; 1462 } 1463 1432 1464 /** 1433 1465 * Test file path validation 1434 1466 *
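Review bot: The cleanup in `test_wp_check_filetype_and_ext_with_filtered_svg()` and `test_wp_check_filetype_and_ext_with_filtered_woff()` removes a callback that was never registered, so `remove_filter()` is a no-op. The tests add `_filter_mime_types_svg` / `_filter_mime_types_woff` to `upload_mimes` but remove `_test_add_mime_types_svg` / `_test_add_mime_types_woff`. Unless the base test case restores hooks between tests, the widened upload allow-list stays active and later file-type assertions in this class may run against a more permissive list than intended. The cleanup should name the registered callbacks: `remove_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) );` and `remove_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) );`. Both methods are moved unchanged by this patch, so the mismatch predates it, but the move is a convenient place to correct it.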