Opened 9 years ago
Closed 9 years ago
#34190 closed defect (bug) (invalid)
Function Reference/wp check filetype
Reported by: | lpkapil | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.3.1 |
Component: | General | Keywords: | needs-codex |
Focuses: | Cc: |
Description
Change Log
Since: 2.0.4
Source File
wp_check_filetype() is located in wp-includes/functions.php.
But it's not actually located at this place as well, instead it's similar method 'wp_check_filetype_and_ext' is located on this file.
Issue:
Whenever we provide a url or a file name that have mulitple DOT SEPRATOR, it simply fails and don't return anything. It's not specified in codex as well.
Example: 'var/test/abc.user.class.php'
It should check recursively for correct file extension, but it doesn't looks like it's checking correctly.
Result:
Web application crash in middle if we use it.
Attachments (2)
Change History (15)
#1
@
9 years ago
- Component changed from Cron API to Administration
- Keywords needs-patch added
- Severity changed from normal to critical
#2
@
9 years ago
We can patch this using code below, return the file extension only or create file information array using get file info:
<?php
$fileNameArr = explode(".", $path);
return end($fileNameArr);
?>
#3
@
9 years ago
- Component changed from Administration to Media
- Focuses accessibility docs administration multisite performance removed
- Keywords needs-patch removed
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Severity changed from critical to normal
- Status changed from new to closed
Hi @lpkapil, welcome to WordPress trac. Thank you for taking the time to be verbose in your potential bug report.
I've reviewed your reported bug, and unfortunately, as far as I can determine, there isn't a bug in wp_check_filetype().
The reason you are getting back false has nothing to do with the multiple seperators. Because you didn't specify an array of mime types for parameter 2, WordPress looks for a mime type matching one of the acceptable WordPress mime types in get_allowed_mime_types(). .php
is not an allowed mime type for uploads, and as a result, the function correctly returns the result of false. This is both expected and designed behavior
Proof of concept:
wp_die( var_dump( 'test.jpg', wp_check_filetype( 'test.jpg' ), 'test.php', wp_check_filetype( 'test.php' ), 'test.jpg.php', wp_check_filetype( 'test.jpg.php' ), 'test.php with php mime type declared', wp_check_filetype( 'test.php', array( 'php' => 'text/x-php' ) ) ) );
Will return
string 'test.jpg' (length=8) array (size=2) 'ext' => string 'jpg' (length=3) 'type' => string 'image/jpeg' (length=10) string 'test.php' (length=8) array (size=2) 'ext' => boolean false 'type' => boolean false string 'test.jpg.php' (length=12) array (size=2) 'ext' => boolean false 'type' => boolean false string 'test.php with php mime type declared' (length=36) array (size=2) 'ext' => string 'php' (length=3) 'type' => string 'text/x-php' (length=10)
If you're able to find a way in which the function does not perform as designed, baring in mind the above explanation of how the function is intended to work, please comment below.
#5
follow-up:
↓ 6
@
9 years ago
- Component changed from Upload to Administration
- Resolution invalid deleted
- Severity changed from normal to critical
- Status changed from closed to reopened
Hi,
let me know ? why it's not returning the file extension correctly as specified ?
function debug(){ var_dump(wp_check_filetype('/var/www/html/wordpress/wp-content/themes/twentyfifteen/user.class.php')); exit(); } add_action('init', 'debug');
I have checked with this code, as in codex :
Parameters $filename (string) (required) File name or path. Default: None $mimes (array) (optional) Key is the file extension with value as the mime type. Default: null
what's wrong here if i am supplying file name as "user.class.php" ?? why it returns bool false ? it should check the proper file extension and return that, if not it's useless for file that contains multiple dot in filename. share your views on same ?
#6
in reply to:
↑ 5
@
9 years ago
- Component changed from Administration to General
- Resolution set to invalid
- Severity changed from critical to normal
- Status changed from reopened to closed
Replying to lpkapil:
If you don't provide the $mimes
argument the function uses get_allowed_mime_types()
and wp_get_mime_types()
. The later doesn't include PHP, that's why wp_check_filetype()
returns false.
#8
@
9 years ago
- Keywords needs-patch added; needs-codex removed
- Resolution invalid deleted
- Severity changed from normal to critical
- Status changed from closed to reopened
I think it's an optional parameter mentioned in codex, you can check. Am i right ?
https://codex.wordpress.org/Function_Reference/wp_check_filetype
Then why should i care about second parameter if it's optional. can you explain ?
#9
@
9 years ago
- Severity changed from critical to normal
Hey lpkapil
There is no point in reopening this ticket. Please don't continue doing so. A discussion can continue on a closed ticket. It should only be reopened on new information or some consensus that it's valid.
It's was closed for good reasons, well explained by very experienced contributors here. The fact that a parameter is optional doesn't mean you should not care about it. An optional parameter only means that when omitted, it will take a default value.
If there is a difference between how a function is expected to to behave, in source code versus the codex other documentation, then codex/docs is the place to update, and not the other way around.
#10
@
9 years ago
@lpkapil please stop marking this ticket as critical.
By default, .php
is not an allowed file type, which is why wp_check_filetype()
returns boolean false.
#11
@
9 years ago
- Resolution set to maybelater
- Status changed from reopened to closed
He everyone,
Thanks for explanation, i have to drop this function from my plugins, where ever i have used it. Anyway good explanation about this, I though there will be some enhancement in this.
Method callback and output, results web app crash and can't use it with multi dot file name, not useful and safe method in core functions