Ticket #40175: 40175.5.diff
| File 40175.5.diff, 47.9 KB (added by , 7 years ago) |
|---|
-
src/wp-includes/functions.php
diff --git src/wp-includes/functions.php src/wp-includes/functions.php index b00a47c1d8..7453f07c53 100644
function wp_check_filetype( $filename, $mimes = null ) { 2474 2474 * @param string $file Full path to the file. 2475 2475 * @param string $filename The name of the file (may differ from $file due to $file being 2476 2476 * in a tmp directory). 2477 * @param array $mimesOptional. Key is the file extension with value as the mime type.2477 * @param array $mimes Optional. Key is the file extension with value as the mime type. 2478 2478 * @return array Values for the extension, MIME, and either a corrected filename or false 2479 2479 * if original $filename is valid. 2480 2480 */ 2481 2481 function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2482 $proper_filename = false; 2483 2484 // Do basic extension validation and MIME mapping 2485 $wp_filetype = wp_check_filetype( $filename, $mimes ); 2486 $ext = $wp_filetype['ext']; 2487 $type = $wp_filetype['type']; 2488 2489 // We can't do any further validation without a file to work with 2482 /* 2483 * We can't do any further validation without a file to work with. 2484 * In the future, consider deprecating and returning a WP_Error instead. 2485 */ 2490 2486 if ( ! file_exists( $file ) ) { 2487 $wp_filetype = wp_check_filetype( $filename, $mimes ); 2488 $ext = $wp_filetype['ext']; 2489 $type = $wp_filetype['type']; 2490 $proper_filename = false; 2491 2491 return compact( 'ext', 'type', 'proper_filename' ); 2492 2492 } 2493 2493 2494 $real_mime = false; 2495 2496 // Validate image types. 2497 if ( $type && 0 === strpos( $type, 'image/' ) ) { 2498 2499 // Attempt to figure out what type of image it actually is 2500 $real_mime = wp_get_image_mime( $file ); 2501 2502 if ( $real_mime && $real_mime != $type ) { 2503 /** 2504 * Filters the list mapping image mime types to their respective extensions. 2505 * 2506 * @since 3.0.0 2507 * 2508 * @param array $mime_to_ext Array of image mime types and their matching extensions. 
2509 */ 2510 $mime_to_ext = apply_filters( 2511 'getimagesize_mimes_to_exts', 2512 array( 2513 'image/jpeg' => 'jpg', 2514 'image/png' => 'png', 2515 'image/gif' => 'gif', 2516 'image/bmp' => 'bmp', 2517 'image/tiff' => 'tif', 2518 ) 2519 ); 2494 $ext = pathinfo( $filename, PATHINFO_EXTENSION ); 2520 2495 2521 // Replace whatever is after the last period in the filename with the correct extension 2522 if ( ! empty( $mime_to_ext[ $real_mime ] ) ) { 2523 $filename_parts = explode( '.', $filename ); 2524 array_pop( $filename_parts ); 2525 $filename_parts[] = $mime_to_ext[ $real_mime ]; 2526 $new_filename = implode( '.', $filename_parts ); 2496 /* 2497 * Backwards compatability for overriding the $mimes list. 2498 * This short-circuits real mime checks, so use with caution. 2499 */ 2500 if ( ! empty( $mimes ) ) { 2501 $type = ( isset( $mimes[ $ext ] ) ) ? $mimes[ $ext ] : false; 2502 $ext = ( ! empty( $type ) ) ? $ext : false; 2503 $proper_filename = false; 2527 2504 2528 if ( $new_filename != $filename ) { 2529 $proper_filename = $new_filename; // Mark that it changed 2530 } 2531 // Redefine the extension / MIME 2532 $wp_filetype = wp_check_filetype( $new_filename, $mimes ); 2533 $ext = $wp_filetype['ext']; 2534 $type = $wp_filetype['type']; 2535 } else { 2536 // Reset $real_mime and try validating again. 2537 $real_mime = false; 2538 } 2539 } 2505 return compact( 'ext', 'type', 'proper_filename' ); 2540 2506 } 2541 2507 2542 // Validate files that didn't get validated during previous checks. 2543 if ( $type && ! 
$real_mime && extension_loaded( 'fileinfo' ) ) { 2544 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2545 $real_mime = finfo_file( $finfo, $file ); 2546 finfo_close( $finfo ); 2508 $type = wp_get_mime_type( $file ); 2547 2509 2548 // fileinfo often misidentifies obscure files as one of these types 2549 $nonspecific_types = array( 2550 'application/octet-stream', 2551 'application/encrypted', 2552 'application/CDFV2-encrypted', 2553 'application/zip', 2554 ); 2510 // Attempt to correct the extension of image files. 2511 $proper_filename = wp_maybe_fix_image_extension( $filename, $type ); 2555 2512 2556 /* 2557 * If $real_mime doesn't match the content type we're expecting from the file's extension, 2558 * we need to do some additional vetting. Media types and those listed in $nonspecific_types are 2559 * allowed some leeway, but anything else must exactly match the real content type. 2560 */ 2561 if ( in_array( $real_mime, $nonspecific_types, true ) ) { 2562 // File is a non-specific binary type. That's ok if it's a type that generally tends to be binary. 2563 if ( ! in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ) ) ) { 2564 $type = $ext = false; 2565 } 2566 } elseif ( 0 === strpos( $real_mime, 'video/' ) || 0 === strpos( $real_mime, 'audio/' ) ) { 2567 /* 2568 * For these types, only the major type must match the real value. 2569 * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip, 2570 * and some media files are commonly named with the wrong extension (.mov instead of .mp4) 2571 */ 2572 if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) { 2573 $type = $ext = false; 2574 } 2575 } elseif ( 'text/plain' === $real_mime ) { 2576 // A few common file types are occasionally detected as text/plain; allow those. 2577 if ( ! 
in_array( 2578 $type, 2579 array( 2580 'text/plain', 2581 'text/csv', 2582 'text/richtext', 2583 'text/tsv', 2584 'text/vtt', 2585 ) 2586 ) 2587 ) { 2588 $type = $ext = false; 2589 } 2590 } elseif ( 'text/rtf' === $real_mime ) { 2591 // Special casing for RTF files. 2592 if ( ! in_array( 2593 $type, 2594 array( 2595 'text/rtf', 2596 'text/plain', 2597 'application/rtf', 2598 ) 2599 ) 2600 ) { 2601 $type = $ext = false; 2602 } 2603 } else { 2604 if ( $type !== $real_mime ) { 2605 /* 2606 * Everything else including image/* and application/*: 2607 * If the real content type doesn't match the file extension, assume it's dangerous. 2608 */ 2609 $type = $ext = false; 2610 } 2611 } 2513 // Update the extension if the file is renamed. 2514 if ( $proper_filename ) { 2515 $ext = pathinfo( $proper_filename, PATHINFO_EXTENSION ); 2612 2516 } 2613 2517 2614 // The mime type must be allowed 2615 if ( $type ) { 2616 $allowed = get_allowed_mime_types(); 2617 2618 if ( ! in_array( $type, $allowed ) ) { 2619 $type = $ext = false; 2620 } 2518 // Unset values for any unallowed types. 2519 if ( ! wp_is_file_type_allowed( $ext, $type ) ) { 2520 $type = $ext = false; 2621 2521 } 2622 2522 2623 2523 /** … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2635 2535 return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes ); 2636 2536 } 2637 2537 2538 /** 2539 * Determine if this extension and mime pair are safe. 2540 * 2541 * This should only return true if the extenstion and type are both supported together. 2542 * 2543 * @since X.X.X 2544 * 2545 * @param string $ext A file type extension. 2546 * @param string $type A mime type string. 2547 * @return bool Whether the extension and mime type pair is allowed. 
2548 */ 2549 function wp_is_file_type_allowed( $ext, $type ) { 2550 $allowed_types = wp_get_allowed_file_types(); 2551 2552 return ( isset( $allowed_types[ $ext ] ) && in_array( $type, $allowed_types[ $ext ] ) ); 2553 } 2554 2555 /** 2556 * Fix the extension on some media filenames based on actual mime type. 2557 * 2558 * @since X.X.X 2559 * 2560 * @param string $filename The filename of the file. 2561 * @param string $type The mime type of the file. 2562 * @return string|false A corrected filename or false if the filename was unchanged. 2563 */ 2564 function wp_maybe_fix_image_extension( $filename, $type ) { 2565 $proper_filename = false; 2566 2567 // Bail early if this isn't an image file. 2568 if ( 0 !== strpos( $type, 'image/' ) ) { 2569 return $proper_filename; 2570 } 2571 2572 /** 2573 * Filters the list mapping image mime types to their respective extensions. 2574 * 2575 * @since 3.0.0 2576 * 2577 * @param array $mime_to_ext Array of image mime types and their matching extensions. 2578 */ 2579 $mime_to_ext = apply_filters( 2580 'getimagesize_mimes_to_exts', 2581 array( 2582 'image/jpeg' => 'jpg', 2583 'image/png' => 'png', 2584 'image/gif' => 'gif', 2585 'image/bmp' => 'bmp', 2586 'image/tiff' => 'tif', 2587 ) 2588 ); 2589 2590 // Replace whatever is after the last period in the filename with the correct extension 2591 if ( ! empty( $mime_to_ext[ $type ] ) ) { 2592 $filename_parts = explode( '.', $filename ); 2593 array_pop( $filename_parts ); 2594 2595 // Only rename files that had an extension to begin with. 2596 if ( ! empty( $filename_parts ) ) { 2597 $filename_parts[] = $mime_to_ext[ $type ]; 2598 $new_filename = implode( '.', $filename_parts ); 2599 2600 if ( $new_filename != $filename ) { 2601 $proper_filename = $new_filename; // Mark that it changed 2602 } 2603 } 2604 } 2605 2606 return $proper_filename; 2607 } 2608 2609 /** 2610 * Return the mime type of a file. 
2611 * 2612 * @since X.X.X 2613 * 2614 * @param string $file Full path to the file to be checked. 2615 * @return string The mime type value. Note that 'application/octet-stream' is a generic file. 2616 */ 2617 function wp_get_mime_type( $file ) { 2618 $mime_guessers = array( 2619 'wp_get_image_mime', 2620 'wp_get_file_mime', 2621 ); 2622 2623 /** 2624 * Filters the list of mime guesser callbacks. 2625 * 2626 * Mime guessers are called in priority order, returning the first mime type found. 2627 * When adding a guesser callback, an unknown mime type should be returned as false. 2628 * 2629 * @since X.X.X 2630 * 2631 * @param array $mime_guessers List of supported mime guessing callback functions. 2632 * @param string $file Full path to the file. 2633 */ 2634 apply_filters( 'wp_mime_guessers', $mime_guessers, $file ); 2635 2636 foreach ( $mime_guessers as $guesser ) { 2637 $mime_type = call_user_func( $guesser, $file ); 2638 2639 // Return as soon as we've found a mime type. 2640 if ( $mime_type ) { 2641 return $mime_type; 2642 } 2643 } 2644 2645 // If no mime type was determined, return application/octet-stream. 2646 return 'application/octet-stream'; 2647 } 2648 2638 2649 /** 2639 2650 * Returns the real mime type of an image file. 2640 2651 * … … function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { 2646 2657 * @return string|false The actual mime type or false if the type cannot be determined. 2647 2658 */ 2648 2659 function wp_get_image_mime( $file ) { 2660 // Determine the filetype 2661 $ext = pathinfo( $file, PATHINFO_EXTENSION ); 2662 $type = wp_ext2type( $ext ); 2663 2664 // Bail early if this isn't a supported image file. 2665 if ( 'image' !== $type ) { 2666 return false; 2667 } 2668 2649 2669 /* 2650 2670 * Use exif_imagetype() to check the mimetype if available or fall back to 2651 2671 * getimagesize() if exif isn't avaialbe. 
If either function throws an Exception … … function wp_get_image_mime( $file ) { 2659 2679 $imagesize = getimagesize( $file ); 2660 2680 $mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false; 2661 2681 } else { 2682 // Mime can't be determined. 2662 2683 $mime = false; 2663 2684 } 2664 2685 } catch ( Exception $e ) { 2665 2686 $mime = false; 2666 2687 } 2667 2688 2668 return $mime; 2689 // An application/octet-stream value means the value wasn't determined. 2690 return ( 'application/octet-stream' === $mime ) ? false : $mime; 2691 } 2692 2693 /** 2694 * Returns the real mime type of a file. 2695 * 2696 * This depends on finfo_file() to determine real mime types. 2697 * 2698 * @since X.X.X 2699 * 2700 * @param string $file Full path to the file. 2701 * @return string|false The actual mime type or false if the type cannot be determined. 2702 */ 2703 function wp_get_file_mime( $file ) { 2704 // Try to validate the file if we don't have a real mime already. 2705 if ( ! extension_loaded( 'fileinfo' ) ) { 2706 return false; 2707 } 2708 2709 try { 2710 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2711 $mime_type = finfo_file( $finfo, $file ); 2712 finfo_close( $finfo ); 2713 } catch ( Exception $e ) { 2714 $mime_type = false; 2715 } 2716 2717 // An application/octet-stream value means the value wasn't determined. 2718 return ( 'application/octet-stream' === $mime_type ) ? false : $mime_type; 2719 } 2720 2721 /** 2722 * Get a list of extensions and relative mime types. 2723 * 2724 * @since X.X.X 2725 * 2726 * @return array A multidimensional array containing file extensions and mime types. 2727 */ 2728 function wp_get_file_types() { 2729 2730 $mime_map = array( 2731 // Image formats. 
2732 'jpg' => array( 2733 'image/jpeg', 2734 'image/pjpeg', 2735 ), 2736 'jpeg' => array( 2737 'image/jpeg', 2738 'image/pjpeg', 2739 ), 2740 'jpe' => array( 2741 'image/jpeg', 2742 'image/pjpeg', 2743 ), 2744 'gif' => array( 2745 'image/gif', 2746 2747 ), 2748 'png' => array( 2749 'image/png', 2750 'image/vnd.mozilla.apng', 2751 ), 2752 'bmp' => array( 2753 'image/bmp', 2754 'image/x-bmp', 2755 'image/x-ms-bmp', 2756 ), 2757 'tiff' => array( 2758 'image/tiff', 2759 ), 2760 'tif' => array( 2761 'image/tiff', 2762 ), 2763 'ico' => array( 2764 'application/ico', 2765 'image/ico', 2766 'image/icon', 2767 'image/vnd.microsoft.icon', 2768 'image/x-ico', 2769 'image/x-icon', 2770 'text/ico', 2771 ), 2772 // Video formats. 2773 'asf' => array( 2774 'application/vnd.ms-asf', 2775 'video/x-ms-asf', 2776 'video/x-ms-asf-plugin', 2777 'video/x-ms-wm', 2778 ), 2779 'asx' => array( 2780 'application/x-ms-asx', 2781 'application/xml', 2782 'audio/x-ms-asx', 2783 'video/x-ms-asf', 2784 'video/x-ms-wax', 2785 'video/x-ms-wmx', 2786 'video/x-ms-wvx', 2787 ), 2788 'wmv' => array( 2789 'application/vnd.ms-asf', 2790 'video/x-ms-asf', 2791 'video/x-ms-wmv', 2792 ), 2793 'wmx' => array( 2794 'application/x-ms-asx', 2795 'audio/x-ms-asx', 2796 'video/x-ms-wax', 2797 'video/x-ms-wmx', 2798 'video/x-ms-wvx', 2799 ), 2800 'wm' => array( 2801 'video/x-ms-wm', 2802 ), 2803 'avi' => array( 2804 'video/avi', 2805 'video/divx', 2806 'video/msvideo', 2807 'video/vnd.divx', 2808 'video/x-avi', 2809 'video/x-msvideo', 2810 ), 2811 'divx' => array( 2812 'video/avi', 2813 'video/divx', 2814 'video/msvideo', 2815 'video/vnd.divx', 2816 'video/x-avi', 2817 'video/x-msvideo', 2818 ), 2819 'flv' => array( 2820 'application/x-flash-video', 2821 'flv-application/octet-stream', 2822 'video/flv', 2823 'video/x-flv', 2824 ), 2825 'mov' => array( 2826 'application/quicktime', 2827 'video/quicktime', 2828 ), 2829 'qt' => array( 2830 'application/quicktime', 2831 'video/quicktime', 2832 ), 2833 'mpeg' => array( 
2834 'video/mpeg', 2835 'video/mpeg-system', 2836 'video/x-mpeg', 2837 'video/x-mpeg-system', 2838 'video/x-mpeg2', 2839 ), 2840 'mpg' => array( 2841 'video/mpeg', 2842 'video/mpeg-system', 2843 'video/x-mpeg', 2844 'video/x-mpeg-system', 2845 'video/x-mpeg2', 2846 ), 2847 'mpe' => array( 2848 'video/mpeg', 2849 'video/mpeg-system', 2850 'video/x-mpeg', 2851 'video/x-mpeg-system', 2852 'video/x-mpeg2', 2853 ), 2854 'mp4' => array( 2855 'video/mp4', 2856 'video/mp4v-es', 2857 'video/quicktime', 2858 'video/vnd.objectvideo', 2859 'video/x-m4v', 2860 ), 2861 'm4v' => array( 2862 'video/mp4', 2863 'video/mp4v-es', 2864 'video/x-m4v', 2865 ), 2866 'ogv' => array( 2867 'application/ogg', 2868 'video/ogg', 2869 'video/x-ogg', 2870 ), 2871 'webm' => array( 2872 'application/x-matroska', 2873 'video/webm', 2874 ), 2875 'mkv' => array( 2876 'application/x-matroska', 2877 'video/x-matroska', 2878 ), 2879 '3gp' => array( // Can also be audio 2880 'audio/3gpp', 2881 'audio/3gpp-encrypted', 2882 'audio/x-rn-3gpp-amr', 2883 'audio/x-rn-3gpp-amr-encrypted', 2884 'audio/x-rn-3gpp-amr-wb', 2885 'audio/x-rn-3gpp-amr-wb-encrypted', 2886 'video/3gp', 2887 'video/3gpp', 2888 'video/3gpp-encrypted', 2889 'video/mp4', 2890 ), 2891 '3gpp' => array( // Can also be audio 2892 'audio/3gpp', 2893 'audio/3gpp-encrypted', 2894 'audio/x-rn-3gpp-amr', 2895 'audio/x-rn-3gpp-amr-encrypted', 2896 'audio/x-rn-3gpp-amr-wb', 2897 'audio/x-rn-3gpp-amr-wb-encrypted', 2898 'video/3gp', 2899 'video/3gpp', 2900 'video/3gpp-encrypted', 2901 'video/mp4', 2902 ), 2903 '3g2' => array( // Can also be audio 2904 'audio/3gpp2', 2905 'video/3gpp2', 2906 'video/mp4', 2907 ), 2908 '3gp2' => array( // Can also be audio 2909 'audio/3gpp2', 2910 'video/3gpp2', 2911 'video/mp4', 2912 ), 2913 // Text formats. 
2914 'txt' => array( 2915 'text/plain', 2916 'text/prs.fallenstein.rst', 2917 'text/prs.prop.logic', 2918 ), 2919 'asc' => array( 2920 'application/pgp', 2921 'application/pgp-encrypted', 2922 'application/pgp-keys', 2923 'application/pgp-signature', 2924 'text/plain', 2925 ), 2926 'c' => array( 2927 'text/plain', 2928 'text/x-c', 2929 ), 2930 'cc' => array( 2931 'text/plain', 2932 'text/x-c', 2933 'text/x-c++src', 2934 'text/x-csrc', 2935 ), 2936 'h' => array( 2937 'text/plain', 2938 'text/x-c', 2939 ), 2940 'srt' => array( 2941 'application/x-srt', 2942 'application/x-subrip', 2943 'text/plain', 2944 ), 2945 'csv' => array( 2946 'text/csv', 2947 'text/plain', 2948 'text/x-comma-separated-values', 2949 'text/x-csv', 2950 ), 2951 'tsv' => array( 2952 'text/tab-separated-values', 2953 'text/plain', 2954 ), 2955 'ics' => array( 2956 'application/ics', 2957 'text/calendar', 2958 'text/plain', 2959 'text/x-vcalendar', 2960 ), 2961 'rtx' => array( 2962 'text/plain', 2963 'text/richtext', 2964 ), 2965 'css' => array( 2966 'text/css', 2967 'text/plain', 2968 ), 2969 'htm' => array( 2970 'application/xhtml+xml', 2971 'application/xml', 2972 'text/html', 2973 'text/plain', 2974 ), 2975 'html' => array( 2976 'application/vnd.dtg.local.html', 2977 'application/xhtml+xml', 2978 'application/xml', 2979 'text/html', 2980 'text/plain', 2981 ), 2982 'vtt' => array( 2983 'text/plain', 2984 'text/vtt', 2985 ), 2986 // Audio formats. 
2987 'mp3' => array( 2988 'audio/mp3', 2989 'audio/mpeg', 2990 'audio/x-mp3', 2991 'audio/x-mpeg', 2992 'audio/x-mpg', 2993 ), 2994 'm4a' => array( 2995 'application/quicktime', 2996 'audio/m4a', 2997 'audio/mp4', 2998 'audio/x-m4a', 2999 'audio/x-mp4a', 3000 ), 3001 'm4b' => array( 3002 'application/quicktime', 3003 'audio/mp4', 3004 'audio/x-m4a', 3005 'audio/x-m4b', 3006 'audio/x-mp4a', 3007 ), 3008 'aac' => array( 3009 'audio/aac', 3010 'audio/x-aac', 3011 'audio/x-hx-aac-adts', 3012 ), 3013 'ra' => array( 3014 'audio/vnd.m-realaudio', 3015 'audio/vnd.rn-realaudio', 3016 'audio/x-pn-realaudio', 3017 'audio/x-realaudio', 3018 ), 3019 'ram' => array( 3020 'application/ram', 3021 'audio/x-pn-realaudio', 3022 'audio/x-realaudio', 3023 ), 3024 'wav' => array( 3025 'audio/vnd.dts', 3026 'audio/vnd.wave', 3027 'audio/wav', 3028 'audio/wave', 3029 'audio/x-wav', 3030 ), 3031 'ogg' => array( // Can also be video. 3032 'application/ogg', 3033 'application/x-ogg', 3034 'audio/ogg', 3035 'audio/vorbis', 3036 'audio/x-flac+ogg', 3037 'audio/x-ogg', 3038 'audio/x-oggflac', 3039 'audio/x-speex+ogg', 3040 'audio/x-vorbis', 3041 'audio/x-vorbis+ogg', 3042 'video/ogg', 3043 'video/x-ogg', 3044 'video/x-theora', 3045 'video/x-theora+ogg', 3046 ), 3047 'oga' => array( 3048 'application/ogg', 3049 'audio/ogg', 3050 'audio/vorbis', 3051 'audio/x-flac+ogg', 3052 'audio/x-ogg', 3053 'audio/x-oggflac', 3054 'audio/x-speex+ogg', 3055 'audio/x-vorbis', 3056 'audio/x-vorbis+ogg', 3057 ), 3058 'flac' => array( 3059 'audio/flac', 3060 'audio/x-flac', 3061 ), 3062 'mid' => array( 3063 'audio/midi', 3064 'audio/sp-midi', 3065 'audio/x-midi', 3066 ), 3067 'midi' => array( 3068 'audio/midi', 3069 'audio/x-midi', 3070 ), 3071 'wma' => array( 3072 'application/vnd.ms-asf', 3073 'audio/wma', 3074 'audio/x-ms-wma', 3075 'video/x-ms-asf', 3076 ), 3077 'wax' => array( 3078 'application/x-ms-asx', 3079 'audio/x-ms-asx', 3080 'audio/x-ms-wax', 3081 'video/x-ms-wax', 3082 'video/x-ms-wmx', 3083 
'video/x-ms-wvx', 3084 ), 3085 'mka' => array( 3086 'application/x-matroska', 3087 'audio/x-matroska', 3088 ), 3089 // Misc application formats. 3090 'rtf' => array( 3091 'application/rtf', 3092 'text/plain', 3093 'text/rtf', 3094 ), 3095 'js' => array( 3096 'application/ecmascript', 3097 'application/javascript', 3098 'application/node', 3099 'application/x-javascript', 3100 'text/javascript', 3101 'text/plain', 3102 ), 3103 'pdf' => array( 3104 'application/acrobat', 3105 'application/nappdf', 3106 'application/pdf', 3107 'application/x-pdf', 3108 'image/pdf', 3109 ), 3110 'swf' => array( 3111 'application/futuresplash', 3112 'application/vnd.adobe.flash.movie', 3113 'application/x-shockwave-flash', 3114 ), 3115 'class' => array( 3116 'application/java', 3117 'application/java-byte-code', 3118 'application/java-vm', 3119 'application/vnd.dvb.dvbj', 3120 'application/x-java', 3121 'application/x-java-class', 3122 'application/x-java-vm', 3123 ), 3124 'tar' => array( 3125 'application/x-gtar', 3126 'application/x-tar', 3127 ), 3128 'zip' => array( 3129 'application/vnd.easykaraoke.cdgdownload', 3130 'application/vnd.gov.sk.e-form+zip', 3131 'application/x-zip', 3132 'application/x-zip-compressed', 3133 'application/zip', 3134 ), 3135 'gz' => array( 3136 'application/gzip', 3137 'application/gzip-compressed', 3138 'application/gzipped', 3139 'application/x-gunzip', 3140 'application/x-gzip', 3141 'application/x-gzip-compressed', 3142 'gzip/document', 3143 ), 3144 'gzip' => array( 3145 'application/gzip', 3146 'application/gzip-compressed', 3147 'application/gzipped', 3148 'application/x-gunzip', 3149 'application/x-gzip', 3150 'application/x-gzip-compressed', 3151 'gzip/document', 3152 ), 3153 'rar' => array( 3154 'application/vnd.rar', 3155 'application/x-rar', 3156 'application/x-rar-compressed', 3157 ), 3158 '7z' => array( 3159 'application/x-7z-compressed', 3160 ), 3161 'exe' => array( 3162 'application/x-dosexec', 3163 'application/x-ms-dos-executable', 3164 
'application/x-msdownload', 3165 ), 3166 'psd' => array( 3167 'application/photoshop', 3168 'application/x-photoshop', 3169 'image/photoshop', 3170 'image/psd', 3171 'image/vnd.adobe.photoshop', 3172 'image/x-photoshop', 3173 'image/x-psd', 3174 ), 3175 'xcf' => array( 3176 'image/x-xcf', 3177 'image/xcf', 3178 ), 3179 // MS Office formats. 3180 'doc' => array( 3181 'application/msword', 3182 'application/vnd.ms-office', 3183 'application/vnd.ms-word', 3184 'application/x-msword', 3185 'application/x-ole-storage', 3186 'application/xml', 3187 'zz-application/zz-winassoc-doc', 3188 ), 3189 'pot' => array( 3190 'application/mspowerpoint', 3191 'application/powerpoint', 3192 'application/vnd.ms-office', 3193 'application/vnd.ms-powerpoint', 3194 'application/x-mspowerpoint', 3195 'text/plain', 3196 'text/x-gettext-translation-template', 3197 'text/x-pot', 3198 ), 3199 'pps' => array( 3200 'application/mspowerpoint', 3201 'application/powerpoint', 3202 'application/vnd.ms-office', 3203 'application/vnd.ms-powerpoint', 3204 'application/x-mspowerpoint', 3205 ), 3206 'ppt' => array( 3207 'application/mspowerpoint', 3208 'application/powerpoint', 3209 'application/vnd.ms-office', 3210 'application/vnd.ms-powerpoint', 3211 'application/x-mspowerpoint', 3212 ), 3213 'wri' => array( 3214 'application/vnd.ms-write', 3215 'application/x-mswrite', 3216 ), 3217 'xla' => array( 3218 'application/msexcel', 3219 'application/vnd.ms-excel', 3220 'application/vnd.ms-office', 3221 'application/x-msexcel', 3222 'application/xml', 3223 'zz-application/zz-winassoc-xls', 3224 ), 3225 'xls' => array( 3226 'application/msexcel', 3227 'application/vnd.ms-excel', 3228 'application/vnd.ms-office', 3229 'application/x-msexcel', 3230 'application/xml', 3231 'zz-application/zz-winassoc-xls', 3232 ), 3233 'xlt' => array( 3234 'application/msexcel', 3235 'application/vnd.ms-excel', 3236 'application/vnd.ms-office', 3237 'application/x-msexcel', 3238 'application/xml', 3239 
'zz-application/zz-winassoc-xls', 3240 ), 3241 'xlw' => array( 3242 'application/msexcel', 3243 'application/vnd.ms-excel', 3244 'application/vnd.ms-office', 3245 'application/x-msexcel', 3246 'application/xml', 3247 'zz-application/zz-winassoc-xls', 3248 ), 3249 'mdb' => array( 3250 'application/mdb', 3251 'application/msaccess', 3252 'application/vnd.ms-access', 3253 'application/vnd.msaccess', 3254 'application/x-mdb', 3255 'application/x-msaccess', 3256 'zz-application/zz-winassoc-mdb', 3257 ), 3258 'mpp' => array( 3259 'application/vnd.ms-project', 3260 'audio/x-musepack', 3261 ), 3262 'docx' => array( 3263 'application/vnd.ms-office', 3264 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 3265 'application/zip', 3266 ), 3267 'docm' => array( 3268 'application/vnd.ms-office', 3269 'application/vnd.ms-word.document.macroenabled.12', 3270 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 3271 'application/xml', 3272 ), 3273 'dotx' => array( 3274 'application/vnd.ms-office', 3275 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 3276 'application/zip', 3277 ), 3278 'dotm' => array( 3279 'application/vnd.ms-office', 3280 'application/vnd.ms-word.template.macroenabled.12', 3281 'application/vnd.openxmlformats-officedocument.wordprocessingml.template', 3282 'application/xml', 3283 ), 3284 'xlsx' => array( 3285 'application/vnd.ms-office', 3286 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3287 'application/zip', 3288 ), 3289 'xlsm' => array( 3290 'application/vnd.ms-excel.sheet.macroenabled.12', 3291 'application/vnd.ms-office', 3292 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3293 'application/zip', 3294 ), 3295 'xlsb' => array( 3296 'application/vnd.ms-excel.sheet.binary.macroenabled.12', 3297 'application/vnd.ms-office', 3298 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3299 'application/xml', 3300 ), 3301 'xltx' => 
array( 3302 'application/vnd.ms-office', 3303 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3304 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 3305 'application/zip', 3306 ), 3307 'xltm' => array( 3308 'application/vnd.ms-excel.template.macroenabled.12', 3309 'application/vnd.ms-office', 3310 'application/vnd.openxmlformats-officedocument.spreadsheetml.template', 3311 'application/xml', 3312 ), 3313 'xlam' => array( 3314 'application/vnd.ms-excel.addin.macroenabled.12', 3315 'application/vnd.ms-office', 3316 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 3317 'application/xml', 3318 ), 3319 'pptx' => array( 3320 'application/vnd.ms-office', 3321 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 3322 'application/zip', 3323 ), 3324 'pptm' => array( 3325 'application/vnd.ms-office', 3326 'application/vnd.ms-powerpoint.presentation.macroenabled.12', 3327 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 3328 ), 3329 'ppsx' => array( 3330 'application/vnd.ms-office', 3331 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 3332 'application/zip', 3333 ), 3334 'ppsm' => array( 3335 'application/vnd.ms-office', 3336 'application/vnd.ms-powerpoint.slideshow.macroenabled.12', 3337 'application/vnd.openxmlformats-officedocument.presentationml.slideshow', 3338 ), 3339 'potx' => array( 3340 'application/vnd.ms-office', 3341 'application/vnd.openxmlformats-officedocument.presentationml.template', 3342 'application/zip', 3343 ), 3344 'potm' => array( 3345 'application/vnd.ms-office', 3346 'application/vnd.ms-powerpoint.template.macroenabled.12', 3347 'application/vnd.openxmlformats-officedocument.presentationml.template', 3348 ), 3349 'ppam' => array( 3350 'application/vnd.ms-office', 3351 'application/vnd.ms-powerpoint.addin.macroenabled.12', 3352 ), 3353 'sldx' => array( 3354 'application/vnd.ms-office', 3355 
'application/vnd.openxmlformats-officedocument.presentationml.slide', 3356 'application/zip', 3357 ), 3358 'sldm' => array( 3359 'application/vnd.ms-office', 3360 'application/vnd.ms-powerpoint.slide.macroenabled.12', 3361 'application/vnd.openxmlformats-officedocument.presentationml.slide', 3362 ), 3363 'onetoc' => array( 3364 'application/onenote', 3365 'application/onenoteformatonetoc2', 3366 ), 3367 'onetoc2' => array( 3368 'application/onenote', 3369 'application/onenoteformatonetoc2', 3370 ), 3371 'onetmp' => array( 3372 'application/msonenote', 3373 'application/onenote', 3374 ), 3375 'onepkg' => array( 3376 'application/onenote', 3377 'application/onenoteformatpackage', 3378 'application/vnd.ms-cab-compressed', 3379 ), 3380 'oxps' => array( 3381 'application/oxps', 3382 'application/vnd.ms-xpsdocument', 3383 'application/xps', 3384 'application/zip', 3385 ), 3386 'xps' => array( 3387 'application/oxps', 3388 'application/vnd.ms-xpsdocument', 3389 'application/xps', 3390 'application/zip', 3391 ), 3392 // OpenOffice formats. 
3393 'odt' => array( 3394 'application/vnd.oasis.opendocument.text', 3395 'application/x-vnd.oasis.opendocument.text', 3396 'application/zip', 3397 ), 3398 'odp' => array( 3399 'application/vnd.oasis.opendocument.presentation', 3400 'application/x-vnd.oasis.opendocument.presentation', 3401 'application/zip', 3402 ), 3403 'ods' => array( 3404 'application/vnd.oasis.opendocument.spreadsheet', 3405 'application/x-vnd.oasis.opendocument.spreadsheet', 3406 'application/zip', 3407 ), 3408 'odg' => array( 3409 'application/vnd.oasis.opendocument.graphics', 3410 'application/x-vnd.oasis.opendocument.graphics', 3411 'application/zip', 3412 ), 3413 'odc' => array( 3414 'application/vnd.oasis.opendocument.chart', 3415 'application/x-vnd.oasis.opendocument.chart', 3416 'application/zip', 3417 ), 3418 'odb' => array( 3419 'application/vnd.oasis.opendocument.base', 3420 'application/vnd.oasis.opendocument.database', 3421 'application/vnd.sun.xml.base', 3422 'application/zip', 3423 ), 3424 'odf' => array( 3425 'application/vnd.oasis.opendocument.formula', 3426 'application/x-vnd.oasis.opendocument.formula', 3427 'application/zip', 3428 ), 3429 // WordPerfect formats. 3430 'wp' => array( 3431 'application/vnd.wordperfect', 3432 'application/wordperfect', 3433 'application/x-wordperfect', 3434 ), 3435 'wpd' => array( 3436 'application/vnd.wordperfect', 3437 'application/wordperfect', 3438 'application/x-wordperfect', 3439 ), 3440 // iWork formats. 3441 'key' => array( 3442 'application/vnd.apple.iwork', 3443 'application/vnd.apple.keynote', 3444 'application/x-iwork-keynote-sffkey', 3445 'application/zip', 3446 ), 3447 'numbers' => array( 3448 'application/vnd.apple.iwork', 3449 'application/vnd.apple.numbers', 3450 ), 3451 'pages' => array( 3452 'application/vnd.apple.iwork', 3453 'application/vnd.apple.pages', 3454 ), 3455 ); 3456 3457 // Backwards compatibility for plugins/themes adding mime types. 
3458 $extra_mimes = array(); 3459 3460 // Handle code filtering the old mime type list. 3461 if ( has_filter( 'mime_types' ) ) { 3462 /** 3463 * Documented in wp_get_mime_types(); 3464 * 3465 * Used to get the return value of anything added via the filter. 3466 */ 3467 $extra_mimes = apply_filters( 'mime_types', $extra_mimes ); 3468 } 3469 3470 // Many plugins add mimes via the 'upload_mimes' filter. 3471 if ( has_filter( 'upload_mimes' ) ) { 3472 /** 3473 * Documented in get_allowed_mime_types(); 3474 * 3475 * Used to get the return value of anything added via the filter. 3476 */ 3477 $extra_mimes = apply_filters( 'upload_mimes', $extra_mimes, null ); 3478 } 3479 3480 /* 3481 * Loop through any extra mimes added via filters and convert them 3482 * to the new multidimentional array format. 3483 */ 3484 foreach ( $extra_mimes as $ext_preg => $mime_val ) { 3485 // Convert any regex patterns to an array of extensions. 3486 $extensions = explode( '|', $ext_preg ); 3487 3488 // Add extra mimes to the extension, whether it exists or not. 3489 foreach ( $extensions as $ext ) { 3490 $mime_map[ $ext ][] = $mime_val; 3491 } 3492 } 3493 3494 /** 3495 * Filters the list of file extensions and mime types. 3496 * 3497 * This filter should be used to add, not remove, mime types. To remove 3498 * mime types, use the {@see 'wp_allowed_mimes'} filter. 3499 * 3500 * @since X.X.X 3501 * 3502 * @param array $mime_map File extensions and their corresponding mime types. 3503 * 3504 */ 3505 return apply_filters( 'wp_file_types', $mime_map ); 2669 3506 } 2670 3507 2671 3508 /** … … function wp_get_image_mime( $file ) { 2673 3510 * 2674 3511 * @since 3.5.0 2675 3512 * @since 4.2.0 Support was added for GIMP (xcf) files. 3513 * @deprecated X.X.X Use wp_get_file_types() 3514 * @see wp_get_file_types() 3515 2676 3516 * 2677 3517 * @return array Array of mime types keyed by the file extension regex corresponding to those types. 
2678 3518 */ 2679 3519 function wp_get_mime_types() { 3520 // _deprecated_function( __FUNCTION__, 'X.X.X', 'wp_get_file_types()' ); 3521 2680 3522 /** 2681 3523 * Filters the list of mime types and file extensions. 2682 3524 * … … function wp_get_ext_types() { 2831 3673 ); 2832 3674 } 2833 3675 3676 /** 3677 * Retrieve list of allowed file types and corresponding mime types. 3678 * 3679 * @since X.X.X 3680 * 3681 * @param int|WP_User $user Optional. User to check. Defaults to current user. 3682 * @return array Array of mime types keyed by the file extension regex corresponding 3683 * to those types. 3684 */ 3685 function wp_get_allowed_file_types( $user = null ) { 3686 $mimes = wp_get_file_types(); 3687 3688 // Flash and executables are never allowed. 3689 unset( $mimes['swf'], $mimes['exe'] ); 3690 3691 // See if the user has unfiltered_html capabilities. 3692 $unfiltered_html = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); 3693 3694 // Apply extension restrictions for users without 'unfiltered_html' caps. 3695 if ( ! $unfiltered_html ) { 3696 unset( $mimes['htm'], $mimes['html'], $mimes['js'] ); 3697 } 3698 3699 /** 3700 * Filters list of allowed mime types and file extensions. 3701 * 3702 * @since X.X.X 3703 * 3704 * @param array $mimes List of allowed file types by extension and corresponding mime 3705 * types that are supported for each extension. Note that 'swf' 3706 * and 'exe' are never supported. 'htm', 'html', and 'js' are only 3707 * supported for users with unfiltered_html capabilities. 3708 * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user). 3709 */ 3710 return apply_filters( 'wp_allowed_file_types', $mimes, $user ); 3711 } 3712 2834 3713 /** 2835 3714 * Retrieve list of allowed mime types and file extensions. 2836 3715 * … … function wp_get_ext_types() { 2841 3720 * to those types. 
2842 3721 */ 2843 3722 function get_allowed_mime_types( $user = null ) { 3723 // _deprecated_function( __FUNCTION__, 'X.X.X', 'wp_get_allowed_file_types()' ); 3724 2844 3725 $t = wp_get_mime_types(); 2845 3726 2846 3727 unset( $t['swf'], $t['exe'] ); -
new file tests/phpunit/data/uploads/test.gpx
diff --git tests/phpunit/data/uploads/test.gpx tests/phpunit/data/uploads/test.gpx new file mode 100644 index 0000000000..de06c36008
- + 1 <?xml version="1.0" encoding="UTF-8"?> 2 <gpx version="1.0"> 3 <name>Example gpx</name> 4 <wpt lat="46.57638889" lon="8.89263889"> 5 <ele>2372</ele> 6 <name>LAGORETICO</name> 7 </wpt> 8 <trk><name>Example gpx</name><number>1</number><trkseg> 9 <trkpt lat="46.57608333" lon="8.89241667"><ele>2376</ele><time>2007-10-14T10:09:57Z</time></trkpt> 10 <trkpt lat="46.57619444" lon="8.89252778"><ele>2375</ele><time>2007-10-14T10:10:52Z</time></trkpt> 11 <trkpt lat="46.57641667" lon="8.89266667"><ele>2372</ele><time>2007-10-14T10:12:39Z</time></trkpt> 12 <trkpt lat="46.57650000" lon="8.89280556"><ele>2373</ele><time>2007-10-14T10:13:12Z</time></trkpt> 13 <trkpt lat="46.57638889" lon="8.89302778"><ele>2374</ele><time>2007-10-14T10:13:20Z</time></trkpt> 14 <trkpt lat="46.57652778" lon="8.89322222"><ele>2375</ele><time>2007-10-14T10:13:48Z</time></trkpt> 15 <trkpt lat="46.57661111" lon="8.89344444"><ele>2376</ele><time>2007-10-14T10:14:08Z</time></trkpt> 16 </trkseg></trk> 17 </gpx> 18 No newline at end of file -
tests/phpunit/tests/functions.php
diff --git tests/phpunit/tests/functions.php tests/phpunit/tests/functions.php index dd908dfcf7..b80b6829be 100644
class Tests_Functions extends WP_UnitTestCase { 1159 1159 1160 1160 /** 1161 1161 * @ticket 39550 1162 * @dataProvider _wp_check_filetype_and_ext_data 1162 * @group mimes 1163 * @dataProvider _wp_check_filetype_and_ext_data_allowed 1163 1164 */ 1164 function test_wp_check_filetype_and_ext ( $file, $filename, $expected ) {1165 function test_wp_check_filetype_and_ext_allowed( $file, $filename, $expected ) { 1165 1166 if ( ! extension_loaded( 'fileinfo' ) ) { 1166 1167 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1167 1168 } 1168 1169 1169 $ this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ));1170 }1170 $wp_check_file = wp_check_filetype_and_ext( $file, $filename ); 1171 $types = wp_get_file_types(); 1171 1172 1172 /** 1173 * @ticket 39550 1174 * @group ms-excluded 1175 */ 1176 function test_wp_check_filetype_and_ext_with_filtered_svg() { 1177 if ( ! extension_loaded( 'fileinfo' ) ) { 1178 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1179 } 1173 // Check that the extension and proper_filename are what we expect. 1174 $this->assertEquals( $expected['ext'], $wp_check_file['ext'], 'Extension does not match.' ); 1175 $this->assertEquals( $expected['proper_filename'], $wp_check_file['proper_filename'], 'File not named correctly.' ); 1180 1176 1181 $file = DIR_TESTDATA . '/uploads/video-play.svg'; 1182 $filename = 'video-play.svg'; 1183 1184 $expected = array( 1185 'ext' => 'svg', 1186 'type' => 'image/svg+xml', 1187 'proper_filename' => false, 1188 ); 1189 1190 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1191 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1192 1193 // Cleanup. 1194 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_svg' ) ); 1177 // Test that the actual file type is in the list of expected file types for that extension. 
1178 $this->assertTrue( in_array( $wp_check_file['type'], $types[ $expected['ext'] ], true ), 'This filetype is not allowed.' ); 1195 1179 } 1196 1180 1197 /** 1198 * @ticket 39550 1199 * @group ms-excluded 1200 */ 1201 function test_wp_check_filetype_and_ext_with_filtered_woff() { 1202 if ( ! extension_loaded( 'fileinfo' ) ) { 1203 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1204 } 1205 1206 $file = DIR_TESTDATA . '/uploads/dashicons.woff'; 1207 $filename = 'dashicons.woff'; 1208 1209 $expected = array( 1210 'ext' => 'woff', 1211 'type' => 'application/font-woff', 1212 'proper_filename' => false, 1213 ); 1214 1215 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1216 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1217 1218 // Cleanup. 1219 remove_filter( 'upload_mimes', array( $this, '_test_add_mime_types_woff' ) ); 1220 } 1221 1222 public function _filter_mime_types_svg( $mimes ) { 1223 $mimes['svg'] = 'image/svg+xml'; 1224 return $mimes; 1225 } 1226 1227 public function _filter_mime_types_woff( $mimes ) { 1228 $mimes['woff'] = 'application/font-woff'; 1229 return $mimes; 1230 } 1231 1232 /** 1233 * Data provider for test_wp_get_image_mime(); 1234 */ 1235 public function _wp_get_image_mime() { 1236 $data = array( 1237 // Standard JPEG. 1238 array( 1239 DIR_TESTDATA . '/images/test-image.jpg', 1240 'image/jpeg', 1241 ), 1242 // Standard GIF. 1243 array( 1244 DIR_TESTDATA . '/images/test-image.gif', 1245 'image/gif', 1246 ), 1247 // Standard PNG. 1248 array( 1249 DIR_TESTDATA . '/images/test-image.png', 1250 'image/png', 1251 ), 1252 // Image with wrong extension. 1253 array( 1254 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 1255 'image/jpeg', 1256 ), 1257 // Not an image. 1258 array( 1259 DIR_TESTDATA . 
'/uploads/dashicons.woff', 1260 false, 1261 ), 1262 ); 1263 1264 return $data; 1265 } 1266 1267 public function _wp_check_filetype_and_ext_data() { 1181 public function _wp_check_filetype_and_ext_data_allowed() { 1268 1182 $data = array( 1269 1183 // Standard image. 1270 1184 array( … … class Tests_Functions extends WP_UnitTestCase { 1286 1200 'proper_filename' => 'test-image-mime-jpg.jpg', 1287 1201 ), 1288 1202 ), 1289 // Image without extension. 1290 array( 1291 DIR_TESTDATA . '/images/test-image-no-extension', 1292 'test-image-no-extension', 1293 array( 1294 'ext' => false, 1295 'type' => false, 1296 'proper_filename' => false, 1297 ), 1298 ), 1299 // Valid non-image file with an image extension. 1300 array( 1301 DIR_TESTDATA . '/formatting/big5.txt', 1302 'big5.jpg', 1303 array( 1304 'ext' => false, 1305 'type' => false, 1306 'proper_filename' => false, 1307 ), 1308 ), 1309 // Non-image file not allowed. 1310 array( 1311 DIR_TESTDATA . '/export/crazy-cdata.xml', 1312 'crazy-cdata.xml', 1313 array( 1314 'ext' => false, 1315 'type' => false, 1316 'proper_filename' => false, 1317 ), 1318 ), 1319 // Non-image file not allowed even if it's named like one. 1320 array( 1321 DIR_TESTDATA . '/export/crazy-cdata.xml', 1322 'crazy-cdata.jpg', 1323 array( 1324 'ext' => false, 1325 'type' => false, 1326 'proper_filename' => false, 1327 ), 1328 ), 1329 // Non-image file not allowed if it's named like something else. 1330 array( 1331 DIR_TESTDATA . '/export/crazy-cdata.xml', 1332 'crazy-cdata.doc', 1333 array( 1334 'ext' => false, 1335 'type' => false, 1336 'proper_filename' => false, 1337 ), 1338 ), 1339 // Non-image file not allowed even if it's named like one. 1203 // Assorted text/* sample files 1340 1204 array( 1341 DIR_TESTDATA . '/ export/crazy-cdata.xml',1342 ' crazy-cdata.jpg',1205 DIR_TESTDATA . 
'/uploads/test.vtt', 1206 'test.vtt', 1343 1207 array( 1344 'ext' => false,1345 'type' => false,1208 'ext' => 'vtt', 1209 'type' => 'text/vtt', 1346 1210 'proper_filename' => false, 1347 1211 ), 1348 1212 ), 1349 // Non-image file not allowed if it's named like something else.1350 1213 array( 1351 DIR_TESTDATA . '/ export/crazy-cdata.xml',1352 ' crazy-cdata.doc',1214 DIR_TESTDATA . '/uploads/test.csv', 1215 'test.csv', 1353 1216 array( 1354 'ext' => false,1355 'type' => false,1217 'ext' => 'csv', 1218 'type' => 'text/csv', 1356 1219 'proper_filename' => false, 1357 1220 ), 1358 1221 ), … … class Tests_Functions extends WP_UnitTestCase { 1364 1227 $data, 1365 1228 array( 1366 1229 // Standard non-image file. 1367 array(1368 DIR_TESTDATA . '/formatting/big5.txt',1369 'big5.txt',1370 array(1371 'ext' => 'txt',1372 'type' => 'text/plain',1373 'proper_filename' => false,1374 ),1375 ),1230 array( 1231 DIR_TESTDATA . '/formatting/big5.txt', 1232 'big5.txt', 1233 array( 1234 'ext' => 'txt', 1235 'type' => 'text/plain', 1236 'proper_filename' => false, 1237 ), 1238 ), 1376 1239 // Non-image file with wrong sub-type. 1377 1240 array( 1378 1241 DIR_TESTDATA . '/uploads/pages-to-word.docx', … … class Tests_Functions extends WP_UnitTestCase { 1429 1292 return $data; 1430 1293 } 1431 1294 1295 /** 1296 * @ticket 39550 1297 * @group mimes 1298 * @dataProvider _wp_check_filetype_and_ext_data_unallowed 1299 */ 1300 function test_wp_check_filetype_and_ext_unallowed( $file, $filename ) { 1301 if ( ! extension_loaded( 'fileinfo' ) ) { 1302 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1303 } 1304 1305 $expected = array( 1306 'ext' => false, 1307 'type' => false, 1308 'proper_filename' => false, 1309 ); 1310 1311 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1312 } 1313 1314 public function _wp_check_filetype_and_ext_data_unallowed() { 1315 $data = array( 1316 // Image without extension. 1317 array( 1318 DIR_TESTDATA . 
'/images/test-image-no-extension', 1319 'test-image-no-extension', 1320 ), 1321 // Valid non-image file with an image extension. 1322 array( 1323 DIR_TESTDATA . '/formatting/big5.txt', 1324 'big5.jpg', 1325 ), 1326 // DFXP files removed in WordPress 5.1.0 1327 array( 1328 DIR_TESTDATA . '/uploads/test.dfxp', 1329 'test.dfxp', 1330 ), 1331 // Non-image file not allowed. 1332 array( 1333 DIR_TESTDATA . '/export/crazy-cdata.xml', 1334 'crazy-cdata.xml', 1335 ), 1336 // Non-image file not allowed even if it's named like one. 1337 array( 1338 DIR_TESTDATA . '/export/crazy-cdata.xml', 1339 'crazy-cdata.jpg', 1340 ), 1341 // Non-image file not allowed if it's named like something else. 1342 array( 1343 DIR_TESTDATA . '/export/crazy-cdata.xml', 1344 'crazy-cdata.doc', 1345 ), 1346 // Non-image file not allowed even if it's named like one. 1347 array( 1348 DIR_TESTDATA . '/export/crazy-cdata.xml', 1349 'crazy-cdata.jpg', 1350 ), 1351 // Non-image file not allowed if it's named like something else. 1352 array( 1353 DIR_TESTDATA . '/export/crazy-cdata.xml', 1354 'crazy-cdata.doc', 1355 ), 1356 // Non-image file not allowed even if it's named like one. 1357 array( 1358 DIR_TESTDATA . '/export/crazy-cdata.xml', 1359 'crazy-cdata.jpg', 1360 ), 1361 // Non-image file not allowed if it's named like something else. 1362 array( 1363 DIR_TESTDATA . '/export/crazy-cdata.xml', 1364 'crazy-cdata.doc', 1365 ), 1366 ); 1367 1368 return $data; 1369 } 1370 1371 /** 1372 * @ticket 39550 1373 * @group mimes 1374 * @group ms-excluded 1375 */ 1376 function test_wp_check_filetype_and_ext_with_filtered_svg() { 1377 if ( ! extension_loaded( 'fileinfo' ) ) { 1378 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1379 } 1380 1381 $file = DIR_TESTDATA . 
'/uploads/video-play.svg'; 1382 $filename = 'video-play.svg'; 1383 1384 $expected = array( 1385 'ext' => 'svg', 1386 'type' => 'image/svg+xml', 1387 'proper_filename' => false, 1388 ); 1389 1390 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1391 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1392 1393 // Cleanup. 1394 remove_filter( 'upload_mimes', array( $this, '_filter_mime_types_svg' ) ); 1395 } 1396 1397 public function _filter_mime_types_svg( $mimes ) { 1398 $mimes['svg'] = 'image/svg+xml'; 1399 return $mimes; 1400 } 1401 1402 /** 1403 * @ticket 39550 1404 * @group mimes 1405 * @group ms-excluded 1406 */ 1407 function test_wp_check_filetype_and_ext_with_filtered_woff() { 1408 if ( ! extension_loaded( 'fileinfo' ) ) { 1409 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1410 } 1411 1412 $file = DIR_TESTDATA . '/uploads/dashicons.woff'; 1413 $filename = 'dashicons.woff'; 1414 1415 $expected = array( 1416 'ext' => 'woff', 1417 'type' => 'application/font-woff', 1418 'proper_filename' => false, 1419 ); 1420 1421 add_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1422 $this->assertEquals( $expected, wp_check_filetype_and_ext( $file, $filename ) ); 1423 1424 // Cleanup. 1425 remove_filter( 'upload_mimes', array( $this, '_filter_mime_types_woff' ) ); 1426 } 1427 1428 public function _filter_mime_types_woff( $mimes ) { 1429 $mimes['woff'] = 'application/font-woff'; 1430 return $mimes; 1431 } 1432 1433 /** 1434 * @group ms-excluded 1435 * @group mimes 1436 * @ticket 40175 1437 * @ticket 45615 1438 */ 1439 function test_wp_check_filetype_and_ext_with_filtered_gpx() { 1440 if ( ! extension_loaded( 'fileinfo' ) ) { 1441 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1442 } 1443 1444 $file = DIR_TESTDATA . 
'/uploads/test.gpx'; 1445 $filename = 'test.gpx'; 1446 1447 add_filter( 'wp_file_types', array( $this, '_filter_mime_types_gpx' ) ); 1448 1449 $wp_check_file = wp_check_filetype_and_ext( $file, $filename ); 1450 $types = wp_get_file_types(); 1451 1452 // Check that the extension and proper_filename are what we expect. 1453 $this->assertEquals( 'gpx', $wp_check_file['ext'], 'Extension does not match.' ); 1454 $this->assertFalse( $wp_check_file['proper_filename'], 'File not named correctly.' ); 1455 1456 // Test that the actual file type is in the list of expected file types for that extension. 1457 $this->assertTrue( in_array( $wp_check_file['type'], $types['gpx'], true ), 'This filetype is not allowed.' ); 1458 1459 // Cleanup. 1460 remove_filter( 'wp_file_types', array( $this, '_filter_mime_types_gpx' ) ); 1461 } 1462 1463 public function _filter_mime_types_gpx( $mimes ) { 1464 $mimes['gpx'] = [ 1465 'application/xml', 1466 'text/xml', 1467 ]; 1468 1469 return $mimes; 1470 } 1471 1472 /** 1473 * Data provider for test_wp_get_image_mime(); 1474 */ 1475 public function _wp_get_image_mime() { 1476 $data = array( 1477 // Standard JPEG. 1478 array( 1479 DIR_TESTDATA . '/images/test-image.jpg', 1480 'image/jpeg', 1481 ), 1482 // Standard GIF. 1483 array( 1484 DIR_TESTDATA . '/images/test-image.gif', 1485 'image/gif', 1486 ), 1487 // Standard PNG. 1488 array( 1489 DIR_TESTDATA . '/images/test-image.png', 1490 'image/png', 1491 ), 1492 // Image with wrong extension. 1493 array( 1494 DIR_TESTDATA . '/images/test-image-mime-jpg.png', 1495 'image/jpeg', 1496 ), 1497 // Not an image. 1498 array( 1499 DIR_TESTDATA . '/uploads/dashicons.woff', 1500 false, 1501 ), 1502 ); 1503 1504 return $data; 1505 } 1506 1507 /** 1508 * Tests compatability for the $mimes parameter in wp_check_filetype_and_ext(). 1509 * 1510 * @group mimes 1511 * @ticket 40175 1512 * @dataProvider data_check_mimes_param() 1513 * 1514 * @param string $file A file path. 
1515 * @param string $filename A file name. 1516 * @param string|bool $type The expected mime type returned by wp_check_filetype_and_ext(). 1517 */ 1518 public function test_wp_check_filetype_and_ext_mimes_param( $file, $filename, $type ) { 1519 if ( ! extension_loaded( 'fileinfo' ) ) { 1520 $this->markTestSkipped( 'The fileinfo PHP extension is not loaded.' ); 1521 } 1522 1523 $checked = wp_check_filetype_and_ext( $file, $filename, array( 'png' => 'image/png' ) ); 1524 1525 $this->assertTrue( $checked['type'] === $type ); 1526 } 1527 1528 /** 1529 * Data provider for test_wp_check_filetype_and_ext_mimes_param(). 1530 * 1531 * @return array { 1532 * @type array $0... { 1533 * @type string $0 File path. 1534 * @type string $1 File name. 1535 * @type string|bool $2 Expected mime type result. 1536 * } 1537 * } 1538 */ 1539 public function data_check_mimes_param() { 1540 return array( 1541 array( 1542 DIR_TESTDATA . '/images/test-image.png', 1543 'test-image.png', 1544 'image/png', 1545 ), 1546 array( 1547 DIR_TESTDATA . '/images/test-image.jpg', 1548 'test-image.jpg', 1549 false, 1550 ), 1551 ); 1552 } 1553 1554 1432 1555 /** 1433 1556 * Test file path validation 1434 1557 *
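Review bot: The type assertion in test_wp_check_filetype_and_ext_allowed() no longer pins the detected MIME type. It only checks that `$wp_check_file['type']` is somewhere in `$types[ $expected['ext'] ]`, a list read from wp_get_file_types(), which is presumably the same map the function under test consults; the `'type'` values still carried by the data provider are never compared. For an upload allow-list this makes the test circular: an entry that is too broad would still pass, and several extensions in this patch accept the generic `application/zip`. I would keep the membership check and add `$this->assertSame( $expected['type'], $wp_check_file['type'], 'Detected MIME type does not match.' );`, or, where fileinfo results differ between platforms, compare against a short per-case list held in the provider instead of the live map. test_wp_check_filetype_and_ext_with_filtered_gpx() has the same pattern.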