Make WordPress Core

Opened 6 months ago

Last modified 5 months ago

#52531 new defect (bug)

Unable to upload .ico with PHP 7.4

Reported by: lpointet Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.6.1
Component: Upload Keywords:
Focuses: Cc:



I found the following related ticket: #11824
You can find attached an example file.

On PHP 7.3.21 libmagic is shown as 533 in phpinfo under "fileinfo" section.
On PHP 7.4.9 libmagic is shown as 537 in phpinfo under "fileinfo" section.

I tried to upload the same file as an admin on a fresh WP install on both versions on PHP, and it works with 7.3 while it doesn't with 7.4.

The error is "Sorry, this file type is not permitted for security reasons.".

What I found is that finfo_file function returns either "image/x-icon" or "image/vnd.microsoft.icon" depending on the PHP version I'm using.
In the first case, this will be allowed because it matches WP's internal mime types array. But in the second case, it will simply return an invalid type error (empty $type and $ext variables).

I used the following workaround:

function tmp_wp_check_filetype_and_ext( $values, $file, $filename, $mimes, $real_mime ) {
        if( ! $values['ext'] && ! $values['type'] && $real_mime === 'image/vnd.microsoft.icon' && preg_match( '!\.(ico)$!i', $filename, $ext ) ) {
                $values['ext'] = $ext[1];
                $values['type'] = 'image/x-icon';

        return $values;
add_filter( 'wp_check_filetype_and_ext', 'tmp_wp_check_filetype_and_ext', 10, 5 );

Attachments (1)

clientportal-favicon.ico (361.4 KB) - added by lpointet 6 months ago.

Download all attachments as: .zip

Change History (2)

#1 @sabernhardt
5 months ago

  • Component changed from General to Upload
Note: See TracTickets for help on using tickets.