Opened 4 years ago
Last modified 4 years ago
#52531 new defect (bug)
Unable to upload .ico with PHP 7.4
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.6.1 |
Component: | Upload | Keywords: | has-patch |
Focuses: | | Cc: | |
Description
Hello,
I found the following related ticket: #11824
You can find attached an example file.
On PHP 7.3.21 libmagic is shown as 533 in phpinfo under "fileinfo" section.
On PHP 7.4.9 libmagic is shown as 537 in phpinfo under "fileinfo" section.
I tried to upload the same file as an admin on a fresh WP install on both versions of PHP, and it works with 7.3 while it doesn't with 7.4.
The error is "Sorry, this file type is not permitted for security reasons.".
What I found is that `finfo_file` function returns either "image/x-icon" or "image/vnd.microsoft.icon" depending on the PHP version I'm using.
In the first case, this will be allowed because it matches WP's internal mime types array. But in the second case, it will simply return an invalid type error (empty `$type` and `$ext` variables).
I used the following workaround:
```php
<?php
function tmp_wp_check_filetype_and_ext( $values, $file, $filename, $mimes, $real_mime ) {
	// Only step in when core rejected the file (empty ext/type), the detected
	// type is the alternative ICO mime type, and the filename ends in .ico.
	if ( ! $values['ext'] && ! $values['type']
		&& $real_mime === 'image/vnd.microsoft.icon'
		&& preg_match( '!\.(ico)$!i', $filename, $ext )
	) {
		$values['ext']  = $ext[1];
		$values['type'] = 'image/x-icon';
	}
	return $values;
}
add_filter( 'wp_check_filetype_and_ext', 'tmp_wp_check_filetype_and_ext', 10, 5 );
```
Attachments (1)
Change History (4)
This ticket was mentioned in PR #1562 on WordPress/wordpress-develop by jefferyto.
4 years ago
#2
- Keywords has-patch added
#3
@
4 years ago
While I haven't tested the output of `finfo_file()` in my case, I'm pretty sure my PR (https://github.com/WordPress/wordpress-develop/pull/1562) addresses the root cause, since `wp_get_image_mime()` is called (and the mimes to exts list tested) in the image type validation section before `finfo_file()` is tried.
(As a side note, I think `image/heic` can also be added to the default `getimagesize_mimes_to_exts` list since it is also in the list of recognized/allowed mime types, but I wanted to keep the PR focused on this ticket / fixing ICO file uploads.)
Plugins/themes can also work around this issue with something like:
```php
<?php
function trac52531_getimagesize_mimes_to_exts( $mime_to_ext ) {
	$mime_to_ext['image/x-icon']             = 'ico';
	$mime_to_ext['image/vnd.microsoft.icon'] = 'ico';
	return $mime_to_ext;
}
add_filter( 'getimagesize_mimes_to_exts', 'trac52531_getimagesize_mimes_to_exts' );
```
This adds the two common mime types for ICO files to the default `getimagesize_mimes_to_exts` list, for related reasons:
- `image/x-icon` - This allows an ICO file with an incorrect extension to be uploaded and have its filename corrected (e.g. "logo.bmp" to "logo.ico").
- `image/vnd.microsoft.icon` - In some server configurations, `wp_get_image_mime()` will return this mime type for ICO files. Since `wp_check_filetype()` will always return `image/x-icon`, ICO files will not be allowed to be uploaded unless this mime type is in the `getimagesize_mimes_to_exts` list.

Trac ticket: https://core.trac.wordpress.org/ticket/52531
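The mismatch this ticket describes can be reproduced outside WordPress. The following is an added example, not WordPress core code and not code from the ticket or the PR. It compares a strict extension-to-type check with one that folds a known alias of the detected type first, while still rejecting files whose extension or content does not match. All function names, the two-entry allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; hypothetical names, not WordPress core functions.

/** Extension => MIME allowlist, shaped like the ICO entry the ticket describes. */
function example_allowed_mimes(): array {
	return array( 'ico' => 'image/x-icon', 'png' => 'image/png' );
}

/** Alternative names the content sniffer may report, mapped to the allowlisted name. */
function example_mime_aliases(): array {
	return array( 'image/vnd.microsoft.icon' => 'image/x-icon' );
}

/** Strict check: the detected type must equal the type allowlisted for the extension. */
function example_check_strict( string $filename, string $real_mime ): array {
	$allowed = example_allowed_mimes();
	$ext     = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
	if ( isset( $allowed[ $ext ] ) && $allowed[ $ext ] === $real_mime ) {
		return array( 'ext' => $ext, 'type' => $allowed[ $ext ] );
	}
	return array( 'ext' => false, 'type' => false ); // empty ext/type means rejected
}

/** Same check after folding known aliases of the detected type only. */
function example_check_normalized( string $filename, string $real_mime ): array {
	$aliases = example_mime_aliases();
	return example_check_strict( $filename, $aliases[ $real_mime ] ?? $real_mime );
}

// Constructed inputs: a filename plus the type finfo_file() is assumed to report.
$cases = array(
	array( 'favicon.ico', 'image/x-icon' ),             // type the ticket reports as accepted
	array( 'favicon.ico', 'image/vnd.microsoft.icon' ), // type the ticket reports as rejected
	array( 'favicon.ico', 'text/x-php' ),               // content does not match the extension
	array( 'favicon.php', 'image/vnd.microsoft.icon' ), // extension is not allowlisted
);

foreach ( $cases as list( $name, $mime ) ) {
	$strict = example_check_strict( $name, $mime )['type'] ? 'allow' : 'reject';
	$norm   = example_check_normalized( $name, $mime )['type'] ? 'allow' : 'reject';
	printf( "%-12s %-26s strict=%-6s normalized=%s\n", $name, $mime, $strict, $norm );
}
```

Only the second case changes outcome between the two checks; the alias map touches the detected type and never widens which extensions are accepted.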