#39580 closed defect (bug) (duplicate)
New wp_get_image_mime() function breaks SVG uploads
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7.1 |
Component: | Upload | Keywords: | |
Focuses: | Cc: |
Description
I have used the 'upload_mimes' action to add support for uploading SVGs to a site. This was working fine up through WP 4.7, but has broken in 4.7.1. Now an SVG upload returns the "Sorry, this file type is not permitted for security reasons" message, even though I have confirmed SVG is still in the array of allowed MIME types for the site.
I believe I have tracked the cause to the new function wp_get_image_mime(), introduced in 4.7.1. This relies on two core PHP functions, exif_imagetype() and image_type_to_mime_type(), which apparently do not recognize SVG files.
Because the SVG MIME type is "image/svg+xml" (specifically, because its type starts with "image/"), an SVG upload is triggering wp_get_image_mime() to run while validating the upload. But since these PHP functions don't recognize SVG files, wp_get_image_mime() is returning false, even if SVG support has been added with 'upload_mimes'.
I have confirmed that this function is causing SVG uploads to fail by temporarily modifying the function to simply return "image/svg+xml". When it returns that string, SVG uploads work.
I'm aware that there are legitimate security reasons why SVG support is not built in by default, but if a developer specifically uses the 'upload_mimes' action to allow it, I believe that should work.
Hi @room34, thanks for the ticket!
We're already tracking this issue in #39552 and #39550.