WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 4 months ago

#47448 closed defect (bug) (duplicate)

CSV import MIME type fails with HTML content

Reported by: netweblogic Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.3
Component: Upload Keywords:
Focuses: Cc:
PR Number:

Description

Related to #45615 which is not fully resolved.

I've noticed that with CSV uploads, if a CSV contains HTML (which is valid content for a CSV file), the MIME type in the following function gets returned as 'text/html':

https://core.trac.wordpress.org/browser/trunk/src/wp-includes/functions.php#L2567

$real_mime = finfo_file( $finfo, $file );

Here's a simple CSV file sample that demonstrates the problem. Try uploading that to media and you get

Sorry, this file type is not permitted for security reasons.

"Name","Surname","DOB","Text"
"John","Smith","1980-01-01","<a href=""http://wordpress.org/"">WordPress</a>"

Remove the HTML in there, and it uploads without issue. I think CSV should permit text/html as well as a valid mime type.

Attachments (1)

random.csv (111 bytes) - added by netweblogic 6 months ago.
Example CSV file that'll fail to get uploaded.

Download all attachments as: .zip

Change History (3)

@netweblogic
6 months ago

Example CSV file that'll fail to get uploaded.

#1 @SergeyBiryukov
6 months ago

  • Component changed from General to Upload

#2 @andraganescu
4 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #40175.

Hi there,

This problem with detecting the correct mime of files is being already tracked in https://core.trac.wordpress.org/ticket/40175 and the solution which will be found there will address this too. Therefore I will close this as duplicate of that ticket.

Thank you!

Note: See TracTickets for help on using tickets.