Ticket #40175: 40175.4.diff
| File 40175.4.diff, 45.5 KB (added by , 7 years ago) |
|---|
-
src/wp-includes/functions.php
diff --git src/wp-includes/functions.php src/wp-includes/functions.php index b00a47c1d8..f5b6b2475e 100644
function wp_check_filetype( $filename, $mimes = null ) { 2474 2474 * @param string $file Full path to the file. 2475 2475 * @param string $filename The name of the file (may differ from $file due to $file being 2476 2476 * in a tmp directory). 2477 * @param array $mimesOptional. Key is the file extension with value as the mime type.2477 * @param array $mimes Optional. Key is the file extension with value as the mime type. 2478 2478 * @return array Values for the extension, MIME, and either a corrected filename or false 2479 2479 * if original $filename is valid. 2480 2480 */ 2481 2481 function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2482 $proper_filename = false; 2483 2484 // Do basic extension validation and MIME mapping 2485 $wp_filetype = wp_check_filetype( $filename, $mimes ); 2486 $ext = $wp_filetype['ext']; 2487 $type = $wp_filetype['type']; 2488 2489 // We can't do any further validation without a file to work with 2482 /* 2483 * We can't do any further validation without a file to work with. 2484 * In the future, consider deprecating and returning a WP_Error instead. 2485 */ 2490 2486 if ( ! file_exists( $file ) ) { 2487 $wp_filetype = wp_check_filetype( $filename, $mimes ); 2488 $ext = $wp_filetype['ext']; 2489 $type = $wp_filetype['type']; 2490 $proper_filename = false; 2491 2491 return compact( 'ext', 'type', 'proper_filename' ); 2492 2492 } 2493 2493 2494 $real_mime = false; 2495 2496 // Validate image types. 2497 if ( $type && 0 === strpos( $type, 'image/' ) ) { 2498 2499 // Attempt to figure out what type of image it actually is 2500 $real_mime = wp_get_image_mime( $file ); 2501 2502 if ( $real_mime && $real_mime != $type ) { 2503 /** 2504 * Filters the list mapping image mime types to their respective extensions. 2505 * 2506 * @since 3.0.0 2507 * 2508 * @param array $mime_to_ext Array of image mime types and their matching extensions. 
2509 */ 2510 $mime_to_ext = apply_filters( 2511 'getimagesize_mimes_to_exts', 2512 array( 2513 'image/jpeg' => 'jpg', 2514 'image/png' => 'png', 2515 'image/gif' => 'gif', 2516 'image/bmp' => 'bmp', 2517 'image/tiff' => 'tif', 2518 ) 2519 ); 2494 $ext = pathinfo( $filename, PATHINFO_EXTENSION ); 2495 $type = wp_get_mime_type( $file ); 2520 2496 2521 // Replace whatever is after the last period in the filename with the correct extension 2522 if ( ! empty( $mime_to_ext[ $real_mime ] ) ) { 2523 $filename_parts = explode( '.', $filename ); 2524 array_pop( $filename_parts ); 2525 $filename_parts[] = $mime_to_ext[ $real_mime ]; 2526 $new_filename = implode( '.', $filename_parts ); 2497 // Attempt to correct the extension of image files. 2498 $proper_filename = wp_maybe_fix_image_extension( $filename, $type ); 2527 2499 2528 if ( $new_filename != $filename ) { 2529 $proper_filename = $new_filename; // Mark that it changed 2530 } 2531 // Redefine the extension / MIME 2532 $wp_filetype = wp_check_filetype( $new_filename, $mimes ); 2533 $ext = $wp_filetype['ext']; 2534 $type = $wp_filetype['type']; 2535 } else { 2536 // Reset $real_mime and try validating again. 2537 $real_mime = false; 2538 } 2539 } 2500 // Update the extension if the file is renamed. 2501 if ( $proper_filename ) { 2502 $ext = pathinfo( $proper_filename, PATHINFO_EXTENSION ); 2540 2503 } 2541 2504 2542 // Validate files that didn't get validated during previous checks. 2543 if ( $type && ! 
$real_mime && extension_loaded( 'fileinfo' ) ) { 2544 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2545 $real_mime = finfo_file( $finfo, $file ); 2546 finfo_close( $finfo ); 2547 2548 // fileinfo often misidentifies obscure files as one of these types 2549 $nonspecific_types = array( 2550 'application/octet-stream', 2551 'application/encrypted', 2552 'application/CDFV2-encrypted', 2553 'application/zip', 2554 ); 2555 2556 /* 2557 * If $real_mime doesn't match the content type we're expecting from the file's extension, 2558 * we need to do some additional vetting. Media types and those listed in $nonspecific_types are 2559 * allowed some leeway, but anything else must exactly match the real content type. 2560 */ 2561 if ( in_array( $real_mime, $nonspecific_types, true ) ) { 2562 // File is a non-specific binary type. That's ok if it's a type that generally tends to be binary. 2563 if ( ! in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ) ) ) { 2564 $type = $ext = false; 2565 } 2566 } elseif ( 0 === strpos( $real_mime, 'video/' ) || 0 === strpos( $real_mime, 'audio/' ) ) { 2567 /* 2568 * For these types, only the major type must match the real value. 2569 * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip, 2570 * and some media files are commonly named with the wrong extension (.mov instead of .mp4) 2571 */ 2572 if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) { 2573 $type = $ext = false; 2574 } 2575 } elseif ( 'text/plain' === $real_mime ) { 2576 // A few common file types are occasionally detected as text/plain; allow those. 2577 if ( ! in_array( 2578 $type, 2579 array( 2580 'text/plain', 2581 'text/csv', 2582 'text/richtext', 2583 'text/tsv', 2584 'text/vtt', 2585 ) 2586 ) 2587 ) { 2588 $type = $ext = false; 2589 } 2590 } elseif ( 'text/rtf' === $real_mime ) { 2591 // Special casing for RTF files. 
2592 if ( ! in_array( 2593 $type, 2594 array( 2595 'text/rtf', 2596 'text/plain', 2597 'application/rtf', 2598 ) 2599 ) 2600 ) { 2601 $type = $ext = false; 2602 } 2603 } else { 2604 if ( $type !== $real_mime ) { 2605 /* 2606 * Everything else including image/* and application/*: 2607 * If the real content type doesn't match the file extension, assume it's dangerous. 2608 */ 2609 $type = $ext = false; 2610 } 2611 } 2612 } 2613 2614 // The mime type must be allowed 2615 if ( $type ) { 2616 $allowed = get_allowed_mime_types(); 2617 2618 if ( ! in_array( $type, $allowed ) ) { 2619 $type = $ext = false; 2620 } 2505 // Unset values for any unallowed types. 2506 if ( ! wp_is_file_type_allowed( $ext, $type ) ) { 2507 $type = $ext = false; 2621 2508 } 2622 2509 2623 2510 /** … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2635 2522 return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes ); 2636 2523 } 2637 2524 2525 /** 2526 * Determine if this extension and mime pair are safe. 2527 * 2528 * This should only return true if the extenstion and type are both supported together. 2529 * 2530 * @since X.X.X 2531 * 2532 * @param string $ext A file type extension. 2533 * @param string $type A mime type string. 2534 * @return bool Whether the extension and mime type pair is allowed. 2535 */ 2536 function wp_is_file_type_allowed( $ext, $type ) { 2537 $allowed_types = wp_get_allowed_file_types(); 2538 2539 return ( isset( $allowed_types[ $ext ] ) && in_array( $type, $allowed_types[ $ext ] ) ); 2540 } 2541 2542 /** 2543 * Fix the extension on some media filenames based on actual mime type. 2544 * 2545 * @since X.X.X 2546 * 2547 * @param string $filename The filename of the file. 2548 * @param string $type The mime type of the file. 2549 * @return string|false A corrected filename or false if the filename was unchanged. 
2550 */ 2551 function wp_maybe_fix_image_extension( $filename, $type ) { 2552 $proper_filename = false; 2553 2554 // Bail early if this isn't an image file. 2555 if ( 0 !== strpos( $type, 'image/' ) ) { 2556 return $proper_filename; 2557 } 2558 2559 /** 2560 * Filters the list mapping image mime types to their respective extensions. 2561 * 2562 * @since 3.0.0 2563 * 2564 * @param array $mime_to_ext Array of image mime types and their matching extensions. 2565 */ 2566 $mime_to_ext = apply_filters( 2567 'getimagesize_mimes_to_exts', 2568 array( 2569 'image/jpeg' => 'jpg', 2570 'image/png' => 'png', 2571 'image/gif' => 'gif', 2572 'image/bmp' => 'bmp', 2573 'image/tiff' => 'tif', 2574 ) 2575 ); 2576 2577 // Replace whatever is after the last period in the filename with the correct extension 2578 if ( ! empty( $mime_to_ext[ $type ] ) ) { 2579 $filename_parts = explode( '.', $filename ); 2580 array_pop( $filename_parts ); 2581 2582 // Only rename files that had an extension to begin with. 2583 if ( ! empty( $filename_parts ) ) { 2584 $filename_parts[] = $mime_to_ext[ $type ]; 2585 $new_filename = implode( '.', $filename_parts ); 2586 2587 if ( $new_filename != $filename ) { 2588 $proper_filename = $new_filename; // Mark that it changed 2589 } 2590 } 2591 } 2592 2593 return $proper_filename; 2594 } 2595 2596 /** 2597 * Return the mime type of a file. 2598 * 2599 * @since X.X.X 2600 * 2601 * @param string $file Full path to the file to be checked. 2602 * @return string The mime type value. Note that 'application/octet-stream' is a generic file. 2603 */ 2604 function wp_get_mime_type( $file ) { 2605 $mime_guessers = array( 2606 'wp_get_image_mime', 2607 'wp_get_file_mime', 2608 ); 2609 2610 /** 2611 * Filters the list of mime guesser callbacks. 2612 * 2613 * Mime guessers are called in priority order, returning the first mime type found. 2614 * When adding a guesser callback, an unknown mime type should be returned as false. 
2615 * 2616 * @since X.X.X 2617 * 2618 * @param array $mime_guessers List of supported mime guessing callback functions. 2619 * @param string $file Full path to the file. 2620 */ 2621 apply_filters( 'wp_mime_guessers', $mime_guessers, $file ); 2622 2623 foreach ( $mime_guessers as $guesser ) { 2624 $mime_type = call_user_func( $guesser, $file ); 2625 2626 // Return as soon as we've found a mime type. 2627 if ( $mime_type ) { 2628 return $mime_type; 2629 } 2630 } 2631 2632 // If no mime type was determined, return application/octet-stream. 2633 return 'application/octet-stream'; 2634 } 2635 2638 2636 /** 2639 2637 * Returns the real mime type of an image file. 2640 2638 * … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2646 2644 * @return string|false The actual mime type or false if the type cannot be determined. 2647 2645 */ 2648 2646 function wp_get_image_mime( $file ) { 2647 // Determine the filetype 2648 $ext = pathinfo( $file, PATHINFO_EXTENSION ); 2649 $type = wp_ext2type( $ext ); 2650 2651 // Bail early if this isn't a supported image file. 2652 if ( 'image' !== $type ) { 2653 return false; 2654 } 2655 2649 2656 /* 2650 2657 * Use exif_imagetype() to check the mimetype if available or fall back to 2651 2658 * getimagesize() if exif isn't avaialbe. If either function throws an Exception … … function wp_get_image_mime( $file ) { 2659 2666 $imagesize = getimagesize( $file ); 2660 2667 $mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false; 2661 2668 } else { 2669 // Mime can't be determined. 2662 2670 $mime = false; 2663 2671 } 2664 2672 } catch ( Exception $e ) { 2665 2673 $mime = false; 2666 2674 } 2667 2675 2668 return $mime; 2676 // An application/octet-stream value means the value wasn't determined. 2677 return ( 'application/octet-stream' === $mime ) ? false : $mime; 2678 } 2679 2680 /** 2681 * Returns the real mime type of a file. 2682 * 2683 * This depends on finfo_file() to determine real mime types. 
2684 * 2685 * @since X.X.X 2686 * 2687 * @param string $file Full path to the file. 2688 * @return string|false The actual mime type or false if the type cannot be determined. 2689 */ 2690 function wp_get_file_mime( $file ) { 2691 // Try to validate the file if we don't have a real mime already. 2692 if ( ! extension_loaded( 'fileinfo' ) ) { 2693 return false; 2694 } 2695 2696 try { 2697 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2698 $mime_type = finfo_file( $finfo, $file ); 2699 finfo_close( $finfo ); 2700 } catch ( Exception $e ) { 2701 $mime_type = false; 2702 } 2703 2704 // An application/octet-stream value means the value wasn't determined. 2705 return ( 'application/octet-stream' === $mime_type ) ? false : $mime_type; 2706 } 2707 2708 /** 2709 * Get a list of extensions and relative mime types. 2710 * 2711 * @since X.X.X 2712 * 2713 * @return array A multidimensional array containing file extensions and mime types. 2714 */ 2715 function wp_get_file_types() { 2716 2717 $mime_map = array( 2718 // Image formats. 2719 'jpg' => array( 2720 'image/jpeg', 2721 'image/pjpeg', 2722 ), 2723 'jpeg' => array( 2724 'image/jpeg', 2725 'image/pjpeg', 2726 ), 2727 'jpe' => array( 2728 'image/jpeg', 2729 'image/pjpeg', 2730 ), 2731 'gif' => array( 2732 'image/gif', 2733 2734 ), 2735 'png' => array( 2736 'image/png', 2737 'image/vnd.mozilla.apng', 2738 ), 2739 'bmp' => array( 2740 'image/bmp', 2741 'image/x-bmp', 2742 'image/x-ms-bmp', 2743 ), 2744 'tiff' => array( 2745 'image/tiff', 2746 ), 2747 'tif' => array( 2748 'image/tiff', 2749 ), 2750 'ico' => array( 2751 'application/ico', 2752 'image/ico', 2753 'image/icon', 2754 'image/vnd.microsoft.icon', 2755 'image/x-ico', 2756 'image/x-icon', 2757 'text/ico', 2758 ), 2759 // Video formats. 
2760 'asf' => array( 2761 'application/vnd.ms-asf', 2762 'video/x-ms-asf', 2763 'video/x-ms-asf-plugin', 2764 'video/x-ms-wm', 2765 ), 2766 'asx' => array( 2767 'application/x-ms-asx', 2768 'application/xml', 2769 'audio/x-ms-asx', 2770 'video/x-ms-asf', 2771 'video/x-ms-wax', 2772 'video/x-ms-wmx', 2773 'video/x-ms-wvx', 2774 ), 2775 'wmv' => array( 2776 'application/vnd.ms-asf', 2777 'video/x-ms-asf', 2778 'video/x-ms-wmv', 2779 ), 2780 'wmx' => array( 2781 'application/x-ms-asx', 2782 'audio/x-ms-asx', 2783 'video/x-ms-wax', 2784 'video/x-ms-wmx', 2785 'video/x-ms-wvx', 2786 ), 2787 'wm' => array( 2788 'video/x-ms-wm', 2789 ), 2790 'avi' => array( 2791 'video/avi', 2792 'video/divx', 2793 'video/msvideo', 2794 'video/vnd.divx', 2795 'video/x-avi', 2796 'video/x-msvideo', 2797 ), 2798 'divx' => array( 2799 'video/avi', 2800 'video/divx', 2801 'video/msvideo', 2802 'video/vnd.divx', 2803 'video/x-avi', 2804 'video/x-msvideo', 2805 ), 2806 'flv' => array( 2807 'application/x-flash-video', 2808 'flv-application/octet-stream', 2809 'video/flv', 2810 'video/x-flv', 2811 ), 2812 'mov' => array( 2813 'application/quicktime', 2814 'video/quicktime', 2815 ), 2816 'qt' => array( 2817 'application/quicktime', 2818 'video/quicktime', 2819 ), 2820 'mpeg' => array( 2821 'video/mpeg', 2822 'video/mpeg-system', 2823 'video/x-mpeg', 2824 'video/x-mpeg-system', 2825 'video/x-mpeg2', 2826 ), 2827 'mpg' => array( 2828 'video/mpeg', 2829 'video/mpeg-system', 2830 'video/x-mpeg', 2831 'video/x-mpeg-system', 2832 'video/x-mpeg2', 2833 ), 2834 'mpe' => array( 2835 'video/mpeg', 2836 'video/mpeg-system', 2837 'video/x-mpeg', 2838 'video/x-mpeg-system', 2839 'video/x-mpeg2', 2840 ), 2841 'mp4' => array( 2842 'video/mp4', 2843 'video/mp4v-es', 2844 'video/quicktime', 2845 'video/vnd.objectvideo', 2846 'video/x-m4v', 2847 ), 2848 'm4v' => array( 2849 'video/mp4', 2850 'video/mp4v-es', 2851 'video/x-m4v', 2852 ), 2853 'ogv' => array( 2854 'application/ogg', 2855 'video/ogg', 2856 
'video/x-ogg', 2857 ), 2858 'webm' => array( 2859 'application/x-matroska', 2860 'video/webm', 2861 ), 2862 'mkv' => array( 2863 'application/x-matroska', 2864 'video/x-matroska', 2865 ), 2866 '3gp' => array( // Can also be audio 2867 'audio/3gpp', 2868 'audio/3gpp-encrypted', 2869 'audio/x-rn-3gpp-amr', 2870 'audio/x-rn-3gpp-amr-encrypted', 2871 'audio/x-rn-3gpp-amr-wb', 2872 'audio/x-rn-3gpp-amr-wb-encrypted', 2873 'video/3gp', 2874 'video/3gpp', 2875 'video/3gpp-encrypted', 2876 'video/mp4', 2877 ), 2878 '3gpp' => array( // Can also be audio 2879 'audio/3gpp', 2880 'audio/3gpp-encrypted', 2881 'audio/x-rn-3gpp-amr', 2882 'audio/x-rn-3gpp-amr-encrypted', 2883 'audio/x-rn-3gpp-amr-wb', 2884 'audio/x-rn-3gpp-amr-wb-encrypted', 2885 'video/3gp', 2886 'video/3gpp', 2887 'video/3gpp-encrypted', 2888 'video/mp4', 2889 ), 2890 '3g2' => array( // Can also be audio 2891 'audio/3gpp2', 2892 'video/3gpp2', 2893 'video/mp4', 2894 ), 2895 '3gp2' => array( // Can also be audio 2896 'audio/3gpp2', 2897 'video/3gpp2', 2898 'video/mp4', 2899 ), 2900 // Text formats. 
2901 'txt' => array( 2902 'text/plain', 2903 'text/prs.fallenstein.rst', 2904 'text/prs.prop.logic', 2905 ), 2906 'asc' => array( 2907 'application/pgp', 2908 'application/pgp-encrypted', 2909 'application/pgp-keys', 2910 'application/pgp-signature', 2911 'text/plain', 2912 ), 2913 'c' => array( 2914 'text/plain', 2915 'text/x-c', 2916 ), 2917 'cc' => array( 2918 'text/plain', 2919 'text/x-c', 2920 'text/x-c++src', 2921 'text/x-csrc', 2922 ), 2923 'h' => array( 2924 'text/plain', 2925 'text/x-c', 2926 ), 2927 'srt' => array( 2928 'application/x-srt', 2929 'application/x-subrip', 2930 'text/plain', 2931 ), 2932 'csv' => array( 2933 'text/csv', 2934 'text/plain', 2935 'text/x-comma-separated-values', 2936 'text/x-csv', 2937 ), 2938 'tsv' => array( 2939 'text/tab-separated-values', 2940 'text/plain', 2941 ), 2942 'ics' => array( 2943 'application/ics', 2944 'text/calendar', 2945 'text/plain', 2946 'text/x-vcalendar', 2947 ), 2948 'rtx' => array( 2949 'text/plain', 2950 'text/richtext', 2951 ), 2952 'css' => array( 2953 'text/css', 2954 'text/plain', 2955 ), 2956 'htm' => array( 2957 'application/xhtml+xml', 2958 'application/xml', 2959 'text/html', 2960 'text/plain', 2961 ), 2962 'html' => array( 2963 'application/vnd.dtg.local.html', 2964 'application/xhtml+xml', 2965 'application/xml', 2966 'text/html', 2967 'text/plain', 2968 ), 2969 'vtt' => array( 2970 'text/plain', 2971 'text/vtt', 2972 ), 2973 // Audio formats. 
2974 'mp3' => array( 2975 'audio/mp3', 2976 'audio/mpeg', 2977 'audio/x-mp3', 2978 'audio/x-mpeg', 2979 'audio/x-mpg', 2980 ), 2981 'm4a' => array( 2982 'application/quicktime', 2983 'audio/m4a', 2984 'audio/mp4', 2985 'audio/x-m4a', 2986 'audio/x-mp4a', 2987 ), 2988 'm4b' => array( 2989 'application/quicktime', 2990 'audio/mp4', 2991 'audio/x-m4a', 2992 'audio/x-m4b', 2993 'audio/x-mp4a', 2994 ), 2995 'aac' => array( 2996 'audio/aac', 2997 'audio/x-aac', 2998 'audio/x-hx-aac-adts', 2999 ), 3000 'ra' => array( 3001 'audio/vnd.m-realaudio', 3002 'audio/vnd.rn-realaudio', 3003 'audio/x-pn-realaudio', 3004 'audio/x-realaudio', 3005 ), 3006 'ram' => array( 3007 'application/ram', 3008 'audio/x-pn-realaudio', 3009 'audio/x-realaudio', 3010 ), 3011 'wav' => array( 3012 'audio/vnd.dts', 3013 'audio/vnd.wave', 3014 'audio/wav', 3015 'audio/wave', 3016 'audio/x-wav', 3017 ), 3018 'ogg' => array( // Can also be video. 3019 'application/ogg', 3020 'application/x-ogg', 3021 'audio/ogg', 3022 'audio/vorbis', 3023 'audio/x-flac+ogg', 3024 'audio/x-ogg', 3025 'audio/x-oggflac', 3026 'audio/x-speex+ogg', 3027 'audio/x-vorbis', 3028 'audio/x-vorbis+ogg', 3029 'video/ogg', 3030 'video/x-ogg', 3031 'video/x-theora', 3032 'video/x-theora+ogg', 3033 ), 3034 'oga' => array( 3035 'application/ogg', 3036 'audio/ogg', 3037 'audio/vorbis', 3038 'audio/x-flac+ogg', 3039 'audio/x-ogg', 3040 'audio/x-oggflac', 3041 'audio/x-speex+ogg', 3042 'audio/x-vorbis', 3043 'audio/x-vorbis+ogg', 3044 ), 3045 'flac' => array( 3046 'audio/flac', 3047 'audio/x-flac', 3048 ), 3049 'mid' => array( 3050 'audio/midi', 3051 'audio/sp-midi', 3052 'audio/x-midi', 3053 ), 3054 'midi' => array( 3055 'audio/midi', 3056 'audio/x-midi', 3057 ), 3058 'wma' => array( 3059 'application/vnd.ms-asf', 3060 'audio/wma', 3061 'audio/x-ms-wma', 3062 'video/x-ms-asf', 3063 ), 3064 'wax' => array( 3065 'application/x-ms-asx', 3066 'audio/x-ms-asx', 3067 'audio/x-ms-wax', 3068 'video/x-ms-wax', 3069 'video/x-ms-wmx', 3070 
'video/x-ms-wvx', 3071 ), 3072 'mka' => array( 3073 'application/x-matroska', 3074 'audio/x-matroska', 3075 ), 3076 // Misc application formats. 3077 'rtf' => array( 3078 'application/rtf', 3079 'text/plain', 3080 'text/rtf', 3081 ), 3082 'js' => array( 3083 'application/ecmascript', 3084 'application/javascript', 3085 'application/node', 3086 'application/x-javascript', 3087 'text/javascript', 3088 'text/plain', 3089 ), 3090 'pdf' => array( 3091 'application/acrobat', 3092 'application/nappdf', 3093 'application/pdf', 3094 'application/x-pdf', 3095 'image/pdf', 3096 ), 3097 'swf' => array( 3098 'application/futuresplash', 3099 'application/vnd.adobe.flash.movie', 3100 'application/x-shockwave-flash', 3101 ), 3102 'class' => array( 3103 'application/java', 3104 'application/java-byte-code', 3105 'application/java-vm', 3106 'application/vnd.dvb.dvbj', 3107 'application/x-java', 3108 'application/x-java-class', 3109 'application/x-java-vm', 3110 ), 3111 'tar' => array( 3112 'application/x-gtar', 3113 'application/x-tar', 3114 ), 3115 'zip' => array( 3116 'application/vnd.easykaraoke.cdgdownload', 3117 'application/vnd.gov.sk.e-form+zip', 3118 'application/x-zip', 3119 'application/x-zip-compressed', 3120 'application/zip', 3121 ), 3122 'gz' => array( 3123 'application/gzip', 3124 'application/gzip-compressed', 3125 'application/gzipped', 3126 'application/x-gunzip', 3127 'application/x-gzip', 3128 'application/x-gzip-compressed', 3129 'gzip/document', 3130 ), 3131 'gzip' => array( 3132 'application/gzip', 3133 'application/gzip-compressed', 3134 'application/gzipped', 3135 'application/x-gunzip', 3136 'application/x-gzip', 3137 'application/x-gzip-compressed', 3138 'gzip/document', 3139 ), 3140 'rar' => array( 3141 'application/vnd.rar', 3142 'application/x-rar', 3143 'application/x-rar-compressed', 3144 ), 3145 '7z' => array( 3146 'application/x-7z-compressed', 3147 ), 3148 'exe' => array( 3149 'application/x-dosexec', 3150 'application/x-ms-dos-executable', 3151 
'application/x-msdownload', 3152 ), 3153 'psd' => array( 3154 'application/photoshop', 3155 'application/x-photoshop', 3156 'image/photoshop', 3157 'image/psd', 3158 'image/vnd.adobe.photoshop', 3159 'image/x-photoshop', 3160 'image/x-psd', 3161 ), 3162 'xcf' => array( 3163 'image/x-xcf', 3164 'image/xcf', 3165 ), 3166 // MS Office formats. 3167 'doc' => array( 3168 'application/msword', 3169 'application/vnd.ms-office', 3170 'application/vnd.ms-word', 3171 'application/x-msword', 3172 'application/x-ole-storage', 3173 'application/xml', 3174 'zz-application/zz-winassoc-doc', 3175 ), 3176 'pot' => array( 3177 'application/mspowerpoint', 3178 'application/powerpoint', 3179 'application/vnd.ms-office', 3180 'application/vnd.ms-powerpoint', 3181 'application/x-mspowerpoint', 3182 'text/plain', 3183 'text/x-gettext-translation-template', 3184 'text/x-pot', 3185 ), 3186 'pps' => array( 3187 'application/mspowerpoint', 3188 'application/powerpoint', 3189 'application/vnd.ms-office', 3190 'application/vnd.ms-powerpoint', 3191 'application/x-mspowerpoint', 3192 ), 3193 'ppt' => array( 3194 'application/mspowerpoint', 3195 'application/powerpoint', 3196 'application/vnd.ms-office', 3197 'application/vnd.ms-powerpoint', 3198 'application/x-mspowerpoint', 3199 ), 3200 'wri' => array( 3201 'application/vnd.ms-write', 3202 'application/x-mswrite', 3203 ), 3204 'xla' => array( 3205 'application/msexcel', 3206 'application/vnd.ms-excel', 3207 'application/vnd.ms-office', 3208 'application/x-msexcel', 3209 'application/xml', 3210 'zz-application/zz-winassoc-xls', 3211 ), 3212 'xls' => array( 3213 'application/msexcel', 3214 'application/vnd.ms-excel', 3215 'application/vnd.ms-office', 3216 'application/x-msexcel', 3217 'application/xml', 3218 'zz-application/zz-winassoc-xls', 3219 ), 3220 'xlt' => array( 3221 'application/msexcel', 3222 'application/vnd.ms-excel', 3223 'application/vnd.ms-office', 3224 'application/x-msexcel', 3225 'application/xml', 3226 
'zz-application/zz-winassoc-xls', 3227 ), 3228 'xlw' => array( 3229 'application/msexcel', 3230 'application/vnd.ms-excel', 3231 'application/vnd.ms-office', 3232 'application/x-msexcel', 3233 'application/xml', 3234 'zz-application/zz-winassoc-xls', 3235 ), 3236 'mdb' => array( 3237 'application/mdb', 3238 'application/msaccess', 3239 'application/vnd.ms-access', 3240 'application/vnd.msaccess', 3241 'application/x-mdb', 3242 'application/x-msaccess', 3243 'zz-application/zz-winassoc-mdb', 3244 ), 3245 'mpp' => array( 3246 'application/vnd.ms-project', 3247 'audio/x-musepack', 3248 ), 3249 'docx' => array( 3250 'application/vnd.ms-office', 3251 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 3252 'application/zip', 3253 ), 3254 'docm' => array( 3255 'application/vnd.ms-office', 3256 'application/vnd.ms-word.document.macroenabled.12', 3257 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 3258 'application/xml', 3259 ), 3260 'dotx' => array( 3261 'application/vnd.ms-office', 3262 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 3263 'application/zip', 3264 ), 3265 'dotm' => array( 3266 'application/vnd.ms-office', 3267 'application/vnd.ms-word.template.macroenabled.12', 3268 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 3269 'application/xml', 3270 ), 3271 'xlsx' => array( 3272 'application/vnd.ms-office', 3273 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3274 'application/zip', 3275 ), 3276 'xlsm' => array( 3277 'application/vnd.ms-excel.sheet.macroenabled.12', 3278 'application/vnd.ms-office', 3279 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3280 'application/zip', 3281 ), 3282 'xlsb' => array( 3283 'application/vnd.ms-excel.sheet.binary.macroenabled.12', 3284 'application/vnd.ms-office', 3285 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3286 'application/xml', 3287 ), 3288 'xltx' => 
array( 3289 'application/vnd.ms-office', 3290 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3291 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 3292 'application/zip', 3293 ), 3294 'xltm' => array( 3295 'application/vnd.ms-excel.template.macroenabled.12', 3296 'application/vnd.ms-office', 3297 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 3298 'application/xml', 3299 ), 3300 'xlam' => array( 3301 'application/vnd.ms-excel.addin.macroenabled.12', 3302 'application/vnd.ms-office', 3303 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3304 'application/xml', 3305 ), 3306 'pptx' => array( 3307 'application/vnd.ms-office', 3308 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 3309 'application/zip', 3310 ), 3311 'pptm' => array( 3312 'application/vnd.ms-office', 3313 'application/vnd.ms-powerpoint.presentation.macroenabled.12', 3314 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 3315 ), 3316 'ppsx' => array( 3317 'application/vnd.ms-office', 3318 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 3319 'application/zip', 3320 ), 3321 'ppsm' => array( 3322 'application/vnd.ms-office', 3323 'application/vnd.ms-powerpoint.slideshow.macroenabled.12', 3324 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 3325 ), 3326 'potx' => array( 3327 'application/vnd.ms-office', 3328 'application/vnd.openxmlformats-officedocument.presentationml.template', 3329 'application/zip', 3330 ), 3331 'potm' => array( 3332 'application/vnd.ms-office', 3333 'application/vnd.ms-powerpoint.template.macroenabled.12', 3334 'application/vnd.openxmlformats-officedocument.presentationml.template', 3335 ), 3336 'ppam' => array( 3337 'application/vnd.ms-office', 3338 'application/vnd.ms-powerpoint.addin.macroenabled.12', 3339 ), 3340 'sldx' => array( 3341 'application/vnd.ms-office', 3342 
'application/vnd.openxmlformats-officedocument.presentationml.slide', 3343 'application/zip', 3344 ), 3345 'sldm' => array( 3346 'application/vnd.ms-office', 3347 'application/vnd.ms-powerpoint.slide.macroenabled.12', 3348 'application/vnd.openxmlformats-officedocument.presentationml.slide', 3349 ), 3350 'onetoc' => array( 3351 'application/onenote', 3352 'application/onenoteformatonetoc2', 3353 ), 3354 'onetoc2' => array( 3355 'application/onenote', 3356 'application/onenoteformatonetoc2', 3357 ), 3358 'onetmp' => array( 3359 'application/msonenote', 3360 'application/onenote', 3361 ), 3362 'onepkg' => array( 3363 'application/onenote', 3364 'application/onenoteformatpackage', 3365 'application/vnd.ms-cab-compressed', 3366 ), 3367 'oxps' => array( 3368 'application/oxps', 3369 'application/vnd.ms-xpsdocument', 3370 'application/xps', 3371 'application/zip', 3372 ), 3373 'xps' => array( 3374 'application/oxps', 3375 'application/vnd.ms-xpsdocument', 3376 'application/xps', 3377 'application/zip', 3378 ), 3379 // OpenOffice formats. 
3380 'odt' => array( 3381 'application/vnd.oasis.opendocument.text', 3382 'application/x-vnd.oasis.opendocument.text', 3383 'application/zip', 3384 ), 3385 'odp' => array( 3386 'application/vnd.oasis.opendocument.presentation', 3387 'application/x-vnd.oasis.opendocument.presentation', 3388 'application/zip', 3389 ), 3390 'ods' => array( 3391 'application/vnd.oasis.opendocument.spreadsheet', 3392 'application/x-vnd.oasis.opendocument.spreadsheet', 3393 'application/zip', 3394 ), 3395 'odg' => array( 3396 'application/vnd.oasis.opendocument.graphics', 3397 'application/x-vnd.oasis.opendocument.graphics', 3398 'application/zip', 3399 ), 3400 'odc' => array( 3401 'application/vnd.oasis.opendocument.chart', 3402 'application/x-vnd.oasis.opendocument.chart', 3403 'application/zip', 3404 ), 3405 'odb' => array( 3406 'application/vnd.oasis.opendocument.base', 3407 'application/vnd.oasis.opendocument.database', 3408 'application/vnd.sun.xml.base', 3409 'application/zip', 3410 ), 3411 'odf' => array( 3412 'application/vnd.oasis.opendocument.formula', 3413 'application/x-vnd.oasis.opendocument.formula', 3414 'application/zip', 3415 ), 3416 // WordPerfect formats. 3417 'wp' => array( 3418 'application/vnd.wordperfect', 3419 'application/wordperfect', 3420 'application/x-wordperfect', 3421 ), 3422 'wpd' => array( 3423 'application/vnd.wordperfect', 3424 'application/wordperfect', 3425 'application/x-wordperfect', 3426 ), 3427 // iWork formats. 3428 'key' => array( 3429 'application/vnd.apple.iwork', 3430 'application/vnd.apple.keynote', 3431 'application/x-iwork-keynote-sffkey', 3432 'application/zip', 3433 ), 3434 'numbers' => array( 3435 'application/vnd.apple.iwork', 3436 'application/vnd.apple.numbers', 3437 ), 3438 'pages' => array( 3439 'application/vnd.apple.iwork', 3440 'application/vnd.apple.pages', 3441 ), 3442 ); 3443 3444 // Backwards compatibility for plugins/themes adding mime types. 
3445 $extra_mimes = array(); 3446 3447 // Handle code filtering the old mime type list. 3448 if ( has_filter( 'mime_types' ) ) { 3449 /** 3450 * Documented in wp_get_mime_types(); 3451 * 3452 * Used to get the return value of anything added via the filter. 3453 */ 3454 $extra_mimes = apply_filters( 'mime_types', $extra_mimes ); 3455 } 3456 3457 // Many plugins add mimes via the 'upload_mimes' filter. 3458 if ( has_filter( 'upload_mimes' ) ) { 3459 /** 3460 * Documented in get_allowed_mime_types(); 3461 * 3462 * Used to get the return value of anything added via the filter. 3463 */ 3464 $extra_mimes = apply_filters( 'upload_mimes', $extra_mimes, null ); 3465 } 3466 3467 /* 3468 * Loop through any extra mimes added via filters and convert them 3469 * to the new multidimentional array format. 3470 */ 3471 foreach ( $extra_mimes as $ext_preg => $mime_val ) { 3472 // Convert any regex patterns to an array of extensions. 3473 $extensions = explode( '|', $ext_preg ); 3474 3475 // Add extra mimes to the extension, whether it exists or not. 3476 foreach ( $extensions as $ext ) { 3477 $mime_map[ $ext ][] = $mime_val; 3478 } 3479 } 3480 3481 /** 3482 * Filters the list of file extensions and mime types. 3483 * 3484 * This filter should be used to add, not remove, mime types. To remove 3485 * mime types, use the {@see 'wp_allowed_mimes'} filter. 3486 * 3487 * @since X.X.X 3488 * 3489 * @param array $mime_map File extensions and their corresponding mime types. 3490 * 3491 */ 3492 return apply_filters( 'wp_file_types', $mime_map ); 2669 3493 } 2670 3494 2671 3495 /** … … function wp_get_image_mime( $file ) { 2673 3497 * 2674 3498 * @since 3.5.0 2675 3499 * @since 4.2.0 Support was added for GIMP (xcf) files. 3500 * @deprecated X.X.X Use wp_get_file_types() 3501 * @see wp_get_file_types() 3502 2676 3503 * 2677 3504 * @return array Array of mime types keyed by the file extension regex corresponding to those types. 
2678 3505 */ 2679 3506 function wp_get_mime_types() { 3507 // _deprecated_function( __FUNCTION__, 'X.X.X', 'wp_get_file_types()' ); 3508 2680 3509 /** 2681 3510 * Filters the list of mime types and file extensions. 2682 3511 * … … function wp_get_ext_types() { 2831 3660 ); 2832 3661 } 2833 3662 3663 /** 3664 * Retrieve list of allowed file types and corresponding mime types. 3665 * 3666 * @since X.X.X 3667 * 3668 * @param int|WP_User $user Optional. User to check. Defaults to current user. 3669 * @return array Array of mime types keyed by the file extension regex corresponding 3670 * to those types. 3671 */ 3672 function wp_get_allowed_file_types( $user = null ) { 3673 $mimes = wp_get_file_types(); 3674 3675 // Flash and executables are never allowed. 3676 unset( $mimes['swf'], $mimes['exe'] ); 3677 3678 // See if the user has unfiltered_html capabilities. 3679 $unfiltered_html = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); 3680 3681 // Apply extension restrictions for users without 'unfiltered_html' caps. 3682 if ( ! $unfiltered_html ) { 3683 unset( $mimes['htm'], $mimes['html'], $mimes['js'] ); 3684 } 3685 3686 /** 3687 * Filters list of allowed mime types and file extensions. 3688 * 3689 * @since X.X.X 3690 * 3691 * @param array $mimes List of allowed file types by extension and corresponding mime 3692 * types that are supported for each extension. Note that 'swf' 3693 * and 'exe' are never supported. 'htm', 'html', and 'js' are only 3694 * supported for users with unfiltered_html capabilities. 3695 * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user). 3696 */ 3697 return apply_filters( 'wp_allowed_file_types', $mimes, $user ); 3698 } 3699 2834 3700 /** 2835 3701 * Retrieve list of allowed mime types and file extensions. 2836 3702 * … … function wp_get_ext_types() { 2841 3707 * to those types. 
2842 3708 */ 2843 3709 function get_allowed_mime_types( $user = null ) { 3710 // _deprecated_function( __FUNCTION__, 'X.X.X', 'wp_get_allowed_file_types()' ); 3711 2844 3712 $t = wp_get_mime_types(); 2845 3713 2846 3714 unset( $t['swf'], $t['exe'] ); -
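--- a/tests/phpunit/data/uploads/test.gpx
+++ b/tests/phpunit/data/uploads/test.gpx
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<gpx version="1.0">
+<name>Example gpx</name>
+<wpt lat="46.57638889" lon="8.89263889">
+<ele>2372</ele>
+<name>LAGORETICO</name>
+</wpt>
+<trk><name>Example gpx</name><number>1</number><trkseg>
+<trkpt lat="46.57608333" lon="8.89241667"><ele>2376</ele><time>2007-10-14T10:09:57Z</time></trkpt>
+<trkpt lat="46.57619444" lon="8.89252778"><ele>2375</ele><time>2007-10-14T10:10:52Z</time></trkpt>
+<trkpt lat="46.57641667" lon="8.89266667"><ele>2372</ele><time>2007-10-14T10:12:39Z</time></trkpt>
+<trkpt lat="46.57650000" lon="8.89280556"><ele>2373</ele><time>2007-10-14T10:13:12Z</time></trkpt>
+<trkpt lat="46.57638889" lon="8.89302778"><ele>2374</ele><time>2007-10-14T10:13:20Z</time></trkpt>
+<trkpt lat="46.57652778" lon="8.89322222"><ele>2375</ele><time>2007-10-14T10:13:48Z</time></trkpt>
+<trkpt lat="46.57661111" lon="8.89344444"><ele>2376</ele><time>2007-10-14T10:14:08Z</time></trkpt>
+</trkseg></trk>
+</gpx>
\ No newline at end of file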
tests/phpunit/tests/functions.php
diff --git tests/phpunit/tests/functions.php tests/phpunit/tests/functions.php index dd908dfcf7..4aed1b4f61 100644
class Tests_Functions extends WP_UnitTestCase { 1159 1159 1160 1160 /** 1161 1161 * @ticket 39550 1162 * @dataProvider _wp_check_filetype_and_ext_data 1162 * @group mimes 1163 * @dataProvider _wp_check_filetype_and_ext_data_allowed 1163 1164 */ 1164 function test_wp_check_filetype_and_ext ( $file, $filename, $expected ) {1165 function test_wp_check_filetype_and_ext_allowed( $file, $filename, $expected ) { 1165 1166 if ( ! extension_loaded( 'fileinfo' ) ) { 1166 1167 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1167 1168 } 1168 1169 1169 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1170 } 1171 1172 /** 1173 * @ticket 39550 1174 * @group ms-excluded 1175 */ 1176 function test_wp_check_filetype_and_ext_with_filtered_svg() { 1177 if ( ! extension_loaded( 'fileinfo' ) ) { 1178 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1179 } 1180 1181 $file = DIR_TESTDATA . '/uploads/video-play.svg'; 1182 $filename = 'video-play.svg'; 1183 1184 $expected = array( 1185 'ext' => 'svg', 1186 'type' => 'image/svg+xml', 1187 'proper_filename' => false, 1188 ); 1189 1190 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1191 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1192 1193 // Cleanup. 1194 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_svg' ) ); 1195 } 1196 1197 /** 1198 * @ticket 39550 1199 * @group ms-excluded 1200 */ 1201 function test_wp_check_filetype_and_ext_with_filtered_woff() { 1202 if ( ! extension_loaded( 'fileinfo' ) ) { 1203 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1204 } 1205 1206 $file = DIR_TESTDATA . 
'/uploads/dashicons.woff'; 1207 $filename = 'dashicons.woff'; 1208 1209 $expected = array( 1210 'ext' => 'woff', 1211 'type' => 'application/font-woff', 1212 'proper_filename' => false, 1213 ); 1214 1215 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1216 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1217 1218 // Cleanup. 1219 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_woff' ) ); 1220 } 1170 $wp_check_file = wp_check_filetype_and_ext( $file, $filename ); 1171 $types = wp_get_file_types(); 1221 1172 1222 public function _filter_mime_types_svg( $mimes ) { 1223 $mimes['svg'] = 'image/svg+xml'; 1224 return $mimes; 1225 } 1173 // Check that the extension and proper_filename are what we expect. 1174 $this->assertEquals( $expected['ext'], $wp_check_file['ext'], 'Extension does not match.' ); 1175 $this->assertEquals( $expected['proper_filename'], $wp_check_file['proper_filename'], 'File not named correctly.' ); 1226 1176 1227 public function _filter_mime_types_woff( $mimes ) { 1228 $mimes['woff'] = 'application/font-woff'; 1229 return $mimes; 1177 // Test that the actual file type is in the list of expected file types for that extension. 1178 $this->assertTrue( in_array( $wp_check_file['type'], $types[ $expected['ext'] ], true ), 'This filetype is not allowed.' ); 1230 1179 } 1231 1180 1232 /** 1233 * Data provider for test_wp_get_image_mime(); 1234 */ 1235 public function _wp_get_image_mime() { 1236 $data = array( 1237 // Standard JPEG. 1238 array( 1239 DIR_TESTDATA . '/images/test-image.jpg', 1240 'image/jpeg', 1241 ), 1242 // Standard GIF. 1243 array( 1244 DIR_TESTDATA . '/images/test-image.gif', 1245 'image/gif', 1246 ), 1247 // Standard PNG. 1248 array( 1249 DIR_TESTDATA . '/images/test-image.png', 1250 'image/png', 1251 ), 1252 // Image with wrong extension. 1253 array( 1254 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 1255 'image/jpeg', 1256 ), 1257 // Not an image. 
1258 array( 1259 DIR_TESTDATA . '/uploads/dashicons.woff', 1260 false, 1261 ), 1262 ); 1263 1264 return $data; 1265 } 1266 1267 public function _wp_check_filetype_and_ext_data() { 1181 public function _wp_check_filetype_and_ext_data_allowed() { 1268 1182 $data = array( 1269 1183 // Standard image. 1270 1184 array( … … class Tests_Functions extends WP_UnitTestCase { 1286 1200 'proper_filename' => 'test-image-mime-jpg.jpg', 1287 1201 ), 1288 1202 ), 1289 // Image without extension. 1290 array( 1291 DIR_TESTDATA . '/images/test-image-no-extension', 1292 'test-image-no-extension', 1293 array( 1294 'ext' => false, 1295 'type' => false, 1296 'proper_filename' => false, 1297 ), 1298 ), 1299 // Valid non-image file with an image extension. 1300 array( 1301 DIR_TESTDATA . '/formatting/big5.txt', 1302 'big5.jpg', 1303 array( 1304 'ext' => false, 1305 'type' => false, 1306 'proper_filename' => false, 1307 ), 1308 ), 1309 // Non-image file not allowed. 1203 // Assorted text/* sample files 1310 1204 array( 1311 DIR_TESTDATA . '/ export/crazy-cdata.xml',1312 ' crazy-cdata.xml',1205 DIR_TESTDATA . '/uploads/test.vtt', 1206 'test.vtt', 1313 1207 array( 1314 'ext' => false,1315 'type' => false,1208 'ext' => 'vtt', 1209 'type' => 'text/vtt', 1316 1210 'proper_filename' => false, 1317 1211 ), 1318 1212 ), 1319 // Non-image file not allowed even if it's named like one.1320 1213 array( 1321 DIR_TESTDATA . '/ export/crazy-cdata.xml',1322 ' crazy-cdata.jpg',1214 DIR_TESTDATA . '/uploads/test.csv', 1215 'test.csv', 1323 1216 array( 1324 'ext' => false, 1325 'type' => false, 1326 'proper_filename' => false, 1327 ), 1328 ), 1329 // Non-image file not allowed if it's named like something else. 1330 array( 1331 DIR_TESTDATA . '/export/crazy-cdata.xml', 1332 'crazy-cdata.doc', 1333 array( 1334 'ext' => false, 1335 'type' => false, 1336 'proper_filename' => false, 1337 ), 1338 ), 1339 // Non-image file not allowed even if it's named like one. 1340 array( 1341 DIR_TESTDATA . 
'/export/crazy-cdata.xml', 1342 'crazy-cdata.jpg', 1343 array( 1344 'ext' => false, 1345 'type' => false, 1346 'proper_filename' => false, 1347 ), 1348 ), 1349 // Non-image file not allowed if it's named like something else. 1350 array( 1351 DIR_TESTDATA . '/export/crazy-cdata.xml', 1352 'crazy-cdata.doc', 1353 array( 1354 'ext' => false, 1355 'type' => false, 1217 'ext' => 'csv', 1218 'type' => 'text/csv', 1356 1219 'proper_filename' => false, 1357 1220 ), 1358 1221 ), … … class Tests_Functions extends WP_UnitTestCase { 1429 1292 return $data; 1430 1293 } 1431 1294 1295 /** 1296 * @ticket 39550 1297 * @group mimes 1298 * @dataProvider _wp_check_filetype_and_ext_data_unallowed 1299 */ 1300 function test_wp_check_filetype_and_ext_unallowed( $file, $filename ) { 1301 if ( ! extension_loaded( 'fileinfo' ) ) { 1302 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1303 } 1304 1305 $expected = array( 1306 'ext' => false, 1307 'type' => false, 1308 'proper_filename' => false, 1309 ); 1310 1311 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1312 } 1313 1314 public function _wp_check_filetype_and_ext_data_unallowed() { 1315 $data = array( 1316 // Image without extension. 1317 array( 1318 DIR_TESTDATA . '/images/test-image-no-extension', 1319 'test-image-no-extension', 1320 ), 1321 // Valid non-image file with an image extension. 1322 array( 1323 DIR_TESTDATA . '/formatting/big5.txt', 1324 'big5.jpg', 1325 ), 1326 // DFXP files removed in WordPress 5.1.0 1327 array( 1328 DIR_TESTDATA . '/uploads/test.dfxp', 1329 'test.dfxp', 1330 ), 1331 // Non-image file not allowed. 1332 array( 1333 DIR_TESTDATA . '/export/crazy-cdata.xml', 1334 'crazy-cdata.xml', 1335 ), 1336 // Non-image file not allowed even if it's named like one. 1337 array( 1338 DIR_TESTDATA . '/export/crazy-cdata.xml', 1339 'crazy-cdata.jpg', 1340 ), 1341 // Non-image file not allowed if it's named like something else. 1342 array( 1343 DIR_TESTDATA . 
'/export/crazy-cdata.xml', 1344 'crazy-cdata.doc', 1345 ), 1346 // Non-image file not allowed even if it's named like one. 1347 array( 1348 DIR_TESTDATA . '/export/crazy-cdata.xml', 1349 'crazy-cdata.jpg', 1350 ), 1351 // Non-image file not allowed if it's named like something else. 1352 array( 1353 DIR_TESTDATA . '/export/crazy-cdata.xml', 1354 'crazy-cdata.doc', 1355 ), 1356 // Non-image file not allowed even if it's named like one. 1357 array( 1358 DIR_TESTDATA . '/export/crazy-cdata.xml', 1359 'crazy-cdata.jpg', 1360 ), 1361 // Non-image file not allowed if it's named like something else. 1362 array( 1363 DIR_TESTDATA . '/export/crazy-cdata.xml', 1364 'crazy-cdata.doc', 1365 ), 1366 ); 1367 1368 return $data; 1369 } 1370 1371 /** 1372 * @ticket 39550 1373 * @group mimes 1374 * @group ms-excluded 1375 */ 1376 function test_wp_check_filetype_and_ext_with_filtered_svg() { 1377 if ( ! extension_loaded( 'fileinfo' ) ) { 1378 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1379 } 1380 1381 $file = DIR_TESTDATA . '/uploads/video-play.svg'; 1382 $filename = 'video-play.svg'; 1383 1384 $expected = array( 1385 'ext' => 'svg', 1386 'type' => 'image/svg+xml', 1387 'proper_filename' => false, 1388 ); 1389 1390 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1391 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1392 1393 // Cleanup. 1394 remove_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1395 } 1396 1397 public function _filter_mime_types_svg( $mimes ) { 1398 $mimes['svg'] = 'image/svg+xml'; 1399 return $mimes; 1400 } 1401 1402 /** 1403 * @ticket 39550 1404 * @group mimes 1405 * @group ms-excluded 1406 */ 1407 function test_wp_check_filetype_and_ext_with_filtered_woff() { 1408 if ( ! extension_loaded( 'fileinfo' ) ) { 1409 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1410 } 1411 1412 $file = DIR_TESTDATA . 
'/uploads/dashicons.woff'; 1413 $filename = 'dashicons.woff'; 1414 1415 $expected = array( 1416 'ext' => 'woff', 1417 'type' => 'application/font-woff', 1418 'proper_filename' => false, 1419 ); 1420 1421 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1422 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1423 1424 // Cleanup. 1425 remove_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1426 } 1427 1428 public function _filter_mime_types_woff( $mimes ) { 1429 $mimes['woff'] = 'application/font-woff'; 1430 return $mimes; 1431 } 1432 1433 /** 1434 * @group ms-excluded 1435 * @group mimes 1436 * @ticket 40175 1437 * @ticket 45615 1438 */ 1439 function test_wp_check_filetype_and_ext_with_filtered_gpx() { 1440 if ( ! extension_loaded( 'fileinfo' ) ) { 1441 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1442 } 1443 1444 $file = DIR_TESTDATA . '/uploads/test.gpx'; 1445 $filename = 'test.gpx'; 1446 1447 add_filter( 'wp_file_types', array( $this, '_filter_mime_types_gpx' ) ); 1448 1449 $wp_check_file = wp_check_filetype_and_ext( $file, $filename ); 1450 $types = wp_get_file_types(); 1451 1452 // Check that the extension and proper_filename are what we expect. 1453 $this->assertEquals( 'gpx', $wp_check_file['ext'], 'Extension does not match.' ); 1454 $this->assertFalse( $wp_check_file['proper_filename'], 'File not named correctly.' ); 1455 1456 // Test that the actual file type is in the list of expected file types for that extension. 1457 $this->assertTrue( in_array( $wp_check_file['type'], $types['gpx'], true ), 'This filetype is not allowed.' ); 1458 1459 // Cleanup. 
1460 remove_filter( 'wp_file_types', array( $this, '_filter_mime_types_gpx' ) ); 1461 } 1462 1463 public function _filter_mime_types_gpx( $mimes ) { 1464 $mimes['gpx'] = [ 1465 'application/xml', 1466 'text/xml', 1467 ]; 1468 1469 return $mimes; 1470 } 1471 1472 /** 1473 * Data provider for test_wp_get_image_mime(); 1474 */ 1475 public function _wp_get_image_mime() { 1476 $data = array( 1477 // Standard JPEG. 1478 array( 1479 DIR_TESTDATA . '/images/test-image.jpg', 1480 'image/jpeg', 1481 ), 1482 // Standard GIF. 1483 array( 1484 DIR_TESTDATA . '/images/test-image.gif', 1485 'image/gif', 1486 ), 1487 // Standard PNG. 1488 array( 1489 DIR_TESTDATA . '/images/test-image.png', 1490 'image/png', 1491 ), 1492 // Image with wrong extension. 1493 array( 1494 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 1495 'image/jpeg', 1496 ), 1497 // Not an image. 1498 array( 1499 DIR_TESTDATA . '/uploads/dashicons.woff', 1500 false, 1501 ), 1502 ); 1503 1504 return $data; 1505 } 1506 1432 1507 /** 1433 1508 * Test file path validation 1434 1509 *
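Review bot: The type assertion in `test_wp_check_filetype_and_ext_allowed()` checks the detected type against `wp_get_file_types()`, the production map (presumably the one `wp_check_filetype_and_ext()` itself consults), so the provider's `$expected['type']` values are no longer asserted and an overly broad entry in that map would pass unnoticed. For an upload-validation function the accepted types are better pinned in the test data, e.g. `$this->assertContains( $wp_check_file['type'], (array) $expected['type'], 'Unexpected MIME type.' );`, with each provider row listing the types fileinfo may report. `test_wp_check_filetype_and_ext_with_filtered_gpx()` has the same shape with `$types['gpx']`. The filter tests in this file only add types through `upload_mimes` and `wp_file_types`; a case whose `upload_mimes` callback removes an extension would show whether the additive merge earlier in this patch still honours removals made by existing plugins.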