WordPress.org

Make WordPress Core

Changeset 44012


Ignore:
Timestamp:
12/12/2018 11:49:06 PM (22 months ago)
Author:
jeremyfelt
Message:

Media: Improve verification of MIME file types.

Merges [43988] to the 3.7 branch.

Location:
branches/3.7
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/3.7

  • branches/3.7/src

  • branches/3.7/src/wp-includes/functions.php

    r43405 r44012  
    19731973            }
    19741974        }
    1975     } elseif ( function_exists( 'finfo_file' ) ) {
    1976         // Use finfo_file if available to validate non-image files.
     1975    }
     1976
     1977    // Validate files that didn't get validated during previous checks.
     1978    if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) {
    19771979        $finfo = finfo_open( FILEINFO_MIME_TYPE );
    19781980        $real_mime = finfo_file( $finfo, $file );
    19791981        finfo_close( $finfo );
    19801982
    1981         // If the extension does not match the file's real type, return false.
    1982         if ( $real_mime !== $type ) {
     1983        // fileinfo often misidentifies obscure files as one of these types
     1984        $nonspecific_types = array(
     1985            'application/octet-stream',
     1986            'application/encrypted',
     1987            'application/CDFV2-encrypted',
     1988            'application/zip',
     1989        );
     1990
     1991        /*
     1992         * If $real_mime doesn't match the content type we're expecting from the file's extension,
     1993         * we need to do some additional vetting. Media types and those listed in $nonspecific_types are
     1994         * allowed some leeway, but anything else must exactly match the real content type.
     1995         */
     1996        if ( in_array( $real_mime, $nonspecific_types, true ) ) {
     1997            // File is a non-specific binary type. That's ok if it's a type that generally tends to be binary.
     1998            if ( !in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ) ) ) {
     1999                $type = $ext = false;
     2000            }
     2001        } elseif ( 0 === strpos( $real_mime, 'video/' ) || 0 === strpos( $real_mime, 'audio/' ) ) {
     2002            /*
     2003             * For these types, only the major type must match the real value.
     2004             * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip,
     2005             * and some media files are commonly named with the wrong extension (.mov instead of .mp4)
     2006             */
     2007
     2008            if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) {
     2009                $type = $ext = false;
     2010            }
     2011        } else {
     2012            if ( $type !== $real_mime ) {
     2013                /*
     2014                 * Everything else including image/* and application/*:
     2015                 * If the real content type doesn't match the file extension, assume it's dangerous.
     2016                 */
     2017                $type = $ext = false;
     2018            }
     2019
     2020        }
     2021    }
     2022
     2023    // The mime type must be allowed
     2024    if ( $type ) {
     2025        $allowed = get_allowed_mime_types();
     2026
     2027        if ( ! in_array( $type, $allowed ) ) {
    19832028            $type = $ext = false;
    19842029        }
Note: See TracChangeset for help on using the changeset viewer.