Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#32693 closed defect (bug) (worksforme)

wp_enqueue_media() : upload_mimes not filtering

Reported by: jbonnier's profile jbonnier Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.0
Component: Upload Keywords:
Focuses: Cc:

Description

Using the following code, I'm trying to allow only certain image types to be upload/selected with the WordPress media API. So I'm using add_filter on upload_mimes to restrict the mime types allowed. Using get_allowed_mime_types() I get an array containing only the mime types I want. However, when I click the change image button, I'm still able to upload files of mime types not listed before (such as PDF). I've been told that might be a bug, so here I am.

public static function file_uploader( $element_id = null, $multiple = true )
{
	add_filter( 'upload_mimes', array( 'JBLAB_Utils', 'images_upload_mimes' ) );
	var_dump( get_allowed_mime_types() );
	/**
	 * outputs:
	 *	array(3) {
	 *		["jpg|jpeg|jpe"]=>
	 *			string(10) "image/jpeg"
	 *		["gif"]=>
	 *			string(9) "image/gif"
	 *		["png"]=>
	 *			string(9) "image/png"
	 *	}
	 */

	$multiple = ( $multiple === true ) ? 'true' : 'false';
	wp_enqueue_script('jquery');
	wp_enqueue_media();		
	?>
	<div>
	<?php
	if ( empty( $element_id ) )
	{
		$element_id = "jblab_uploaded_file_url";
		?>
		<label for="jblab_uploaded_file_url"><?php _e( 'Image', 'jblab-radionomy' ); ?></label>
		<input type="text" name="jblab_uploaded_file_url" id="jblab_uploaded_file_url" class="regular-text">
		<?php
	}
	?>
		<input type="button" name="jblab_upload_file_upload_btn" id="jblab_upload_upload_btn" class="button-secondary" value="<?php _e( 'Change Image', 'jblab-radionomy' ); ?>">
	</div>
	<script type="text/javascript">
		jQuery(document).ready(function($){
			$('#jblab_upload_upload_btn').click(function(e) {
				e.preventDefault();
				var image = wp.media({ 
					title: '<?php echo str_replace( "'", "\'", __( 'Change Image', 'jblab-radionomy' ) ); ?>',
					multiple: <?php echo $multiple; ?>
				}).open()
				.on('select', function(e){
					var uploaded_image = image.state().get('selection').first();
					var image_url = uploaded_image.toJSON().url;
					<?php
					echo "
					if ($('#$element_id').is('img')) {
						$('#$element_id').attr('src',image_url);
					} else {
						$('#$element_id').val(image_url);
					}
					";
					?>
				});
			});
		});
	</script>
	<?php
}	
public static function images_upload_mimes ( $mimes = array() )
{
	//unset( $mimes );
	$mimes = array(
		'jpg|jpeg|jpe' => 'image/jpeg',
		'gif' => 'image/gif',
		'png' => 'image/png',
	);
	return $mimes;
}

Attachments (1)

32693.tests.patch (1.3 KB) - added by johnbillion 9 years ago.

Download all attachments as: .zip

Change History (8)

#1 follow-up: @steve@…
9 years ago

I tried using

add_filter('upload_mime_types','remove_pdf');
function remove_pdf( $mimes=array() ) {
   unset ( $mimes['pdf'] );
   return $mimes;
}

and was able to upload a PDF.

#2 in reply to: ↑ 1 @johnbillion
9 years ago

  • Keywords reporter-feedback added
  • Version changed from 4.2.2 to 2.0

Thanks for the report, @jbonnier.

I'm unable to reproduce this issue. The following code behaves as expected:

function images_upload_mimes( $mimes = array() )
{
	$mimes = array(
		'jpg|jpeg|jpe' => 'image/jpeg',
		'gif' => 'image/gif',
		'png' => 'image/png',
	);
	return $mimes;
}
add_filter( 'upload_mimes', 'images_upload_mimes' );

In your example code, where is the file_uploader method triggered? Is it hooked onto an action such as init? If not, that is probably the cause of your problem.

Replying to steve@…:

add_filter('upload_mime_types','remove_pdf');

The correct filter name is upload_mimes.

#3 @johnbillion
9 years ago

  • Component changed from General to Upload

#4 @johnbillion
9 years ago

32693.tests.patch introduces unit test coverage for the upload_mimes filter.

#5 @johnbillion
9 years ago

In 32919:

Implement tests for the upload_mimes filter to ensure it prevents the upload of disallowed file types.

See #32693

#6 @jbonnier
9 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Ok, so I moved the add_filter() way sooner in the process (in the init() of my class) and that solved the issue. Sorry for the delay, I was working on something else.

Best,

jb

#7 @ocean90
9 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.