WordPress.org

Make WordPress Core

Opened 5 weeks ago

Last modified 4 weeks ago

#47752 new defect (bug)

Fix upload of .srt files

Reported by: afercia Owned by:
Milestone: 5.3 Priority: normal
Severity: normal Version: 5.0.1
Component: Upload Keywords: needs-patch has-screenshots
Focuses: Cc:

Description

See #45615, #45622, [44438], [44439], and [44443].

Files with .srt extension are meant for video subtitles (captions), much like .vtt files. After the changes to make the mime type check stricter in WordPress 5.0.1 (backported to 4.9.9, etc.), uploading .srt files can fail because of mismatched MIME type check. Actually, .vtt can be served as text/plain depending on the server configuration.

Before WordPress 5.0.2, .srt files could be uploaded without issues.

For example, on a standard VVV install, the upload fails. Test file from the mediaelement-files GitHub repo:
https://github.com/mediaelement/mediaelement-files/blob/master/mediaelement.srt

Attachments (2)

srt.png (33.6 KB) - added by afercia 5 weeks ago.
Screenshot 2019-07-22 at 5.55.35 PM.png (172.2 KB) - added by dkarfa 5 weeks ago.

Download all attachments as: .zip

Change History (6)

@afercia
5 weeks ago

#2 @dkarfa
5 weeks ago

True, I try in VVV and got
`“mediaelement.srt” has failed to upload.
Sorry, this file type is not permitted for security reasons.` - Error

#3 @killerbishop
4 weeks ago

I've tested this specific issue using vvv - from what I can tell - the mime type on this file according to finfo is text/html. Expectation from the wp_check_filetype_and_ext() is that it should be text/plain. It's also not in the array of choices in that call. Before pushing a patch - if something comes back as text/html with extension .srt - should this be allowed or is text/html purposefully ignored for security reasons here?

#4 @killerbishop
4 weeks ago

I would say this might be a part of this bigger looking issue: #40175

Note: See TracTickets for help on using tickets.