Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#45771 closed defect (bug) (duplicate)

Woff uploading fails, even added to upload_mimes filter

Reported by: matthewdietsche Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.0.1
Component: Upload Keywords:
Focuses: Cc:


Before 5.0.1, users could upload .woff files to their media library. Now uploads of that filetype are rejected with a security warning, even if added using the upload_mimes filter.

Attachments (1)

Screen Shot 2018-12-26 at 9.08.28 AM.png (12.2 KB) - added by matthewdietsche 3 years ago.

Download all attachments as: .zip

Change History (4)

#1 @matthewdietsche
3 years ago

I believe this is due to the fact that PHP's fileinfo (maybe only on particular versions of PHP?), incorrectly returns the mime type of woff files as "application/octet-stream". The way WordPress handles files with that mime type changed in 5.0.1 to ignore them unless they were one of a few, specific file types, regardless of the upload_mimes contents.

#2 @iandunn
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi Matthew, thanks for the details. This is affecting several different file types, but has a common cause, so we're tracking them all in #45615.

Please check that ticket out if you'd like to follow along, help write or test patches, etc :)

xref: https://make.wordpress.org/core/2018/12/13/backwards-compatibility-breaks-in-5-0-1/

#3 @SergeyBiryukov
3 years ago

  • Component changed from General to Upload
Note: See TracTickets for help on using tickets.