Changeset 40134 for branches/4.7/src/wp-includes/functions.php
- Timestamp:
- 02/27/2017 07:27:58 PM (8 years ago)
- Location:
- branches/4.7
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.7
- Property svn:mergeinfo changed
/trunk merged: 40124-40125
- Property svn:mergeinfo changed
-
branches/4.7/src/wp-includes/functions.php
r40085 r40134 2269 2269 } 2270 2270 2271 $real_mime = false; 2272 2271 2273 // Validate image types. 2272 2274 if ( $type && 0 === strpos( $type, 'image/' ) ) { … … 2275 2277 $real_mime = wp_get_image_mime( $file ); 2276 2278 2277 if ( ! $real_mime ) { 2278 $type = $ext = false; 2279 } elseif ( $real_mime != $type ) { 2279 if ( $real_mime && $real_mime != $type ) { 2280 2280 /** 2281 2281 * Filters the list mapping image mime types to their respective extensions. … … 2308 2308 $type = $wp_filetype['type']; 2309 2309 } else { 2310 $type = $ext = false; 2310 // Reset $real_mime and try validating again. 2311 $real_mime = false; 2311 2312 } 2312 2313 } 2313 } elseif ( function_exists( 'finfo_file' ) ) { 2314 // Use finfo_file if available to validate non-image files. 2314 } 2315 2316 // Validate files that didn't get validated during previous checks. 2317 if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) { 2315 2318 $finfo = finfo_open( FILEINFO_MIME_TYPE ); 2316 2319 $real_mime = finfo_file( $finfo, $file ); 2317 2320 finfo_close( $finfo ); 2318 2321 2319 // If the extension does not match the file's real type, return false. 2320 if ( $real_mime !== $type ) { 2321 $type = $ext = false; 2322 /* 2323 * If $real_mime doesn't match what we're expecting, we need to do some extra 2324 * vetting of application mime types to make sure this type of file is allowed. 2325 * Other mime types are assumed to be safe, but should be considered unverified. 2326 */ 2327 if ( $real_mime && ( $real_mime !== $type ) && ( 0 === strpos( $real_mime, 'application' ) ) ) { 2328 $allowed = get_allowed_mime_types(); 2329 2330 if ( ! in_array( $real_mime, $allowed ) ) { 2331 $type = $ext = false; 2332 } 2322 2333 } 2323 2334 }
Note: See TracChangeset
for help on using the changeset viewer.