Opened 4 years ago
Last modified 7 months ago
#55563 new defect (bug)
The function get_allowed_mime_types should check wp_get_current_user
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 5.9.3 |
| Component: | Formatting | Keywords: | dev-feedback has-patch |
| Focuses: | | Cc: | |
Description
The function get_allowed_mime_types checks if the function current_user_can exists before using it, as you can see at https://developer.wordpress.org/reference/functions/get_allowed_mime_types/.
The function current_user_can calls wp_get_current_user, as you can see at https://developer.wordpress.org/reference/functions/current_user_can/
If the function get_allowed_mime_types is called when wp_get_current_user doesn't exist yet, it triggers a fatal error.
I think get_allowed_mime_types should also check if wp_get_current_user exists. I would write something like this:
```php
<?php
function get_allowed_mime_types( $user = null ) {
	$t = wp_get_mime_types();

	unset( $t['swf'], $t['exe'] );

	if ( function_exists( 'current_user_can' ) && function_exists( 'wp_get_current_user' ) ) {
		$unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
	}

	if ( empty( $unfiltered ) ) {
		unset( $t['htm|html'], $t['js'] );
	}

	/**
	 * Filters list of allowed mime types and file extensions.
	 *
	 * @since 2.0.0
	 *
	 * @param array            $t    Mime types keyed by the file extension regex corresponding to those types.
	 * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user).
	 */
	return apply_filters( 'upload_mimes', $t, $user );
}
```
The function wp_get_current_user is defined in wp-includes/pluggable.php, so after all plugins are loaded. This means that if you call sanitize_file_name inside a mu-plugin, or before the action 'plugin_loaded', you get the fatal error.
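A standalone reproduction of the load-order failure described above, added here as an example; it is not part of the ticket or of WordPress core. The stand-in functions, the names `allowed_mime_types_demo` and `load_pluggable_stand_in`, and the sample user are assumptions constructed so the script runs without WordPress.

```php
<?php
// Constructed stand-ins for WordPress core so the script runs without WordPress.
function wp_get_mime_types() {
    return array( 'jpg|jpeg|jpe' => 'image/jpeg', 'htm|html' => 'text/html',
        'js' => 'application/javascript', 'exe' => 'application/x-msdownload' );
}
function apply_filters( $hook, $value ) { return $value; }
function user_can( $user, $cap ) { return in_array( $cap, $user->caps, true ); }
function current_user_can( $cap ) { return user_can( wp_get_current_user(), $cap ); }

// Simulates wp-includes/pluggable.php being loaded: wp_get_current_user()
// only exists after this call (hypothetical user holding unfiltered_html).
function load_pluggable_stand_in() {
    function wp_get_current_user() {
        return (object) array( 'caps' => array( 'unfiltered_html' ) );
    }
}

// $guarded = false: only current_user_can is checked, as the ticket describes.
// $guarded = true:  the additional check proposed in the ticket description.
function allowed_mime_types_demo( $guarded ) {
    $t = wp_get_mime_types();
    unset( $t['swf'], $t['exe'] );
    $ready = function_exists( 'current_user_can' )
        && ( ! $guarded || function_exists( 'wp_get_current_user' ) );
    if ( $ready ) {
        $unfiltered = current_user_can( 'unfiltered_html' );
    }
    if ( empty( $unfiltered ) ) {
        // Capability unknown or absent: fail closed, html and js stay blocked.
        unset( $t['htm|html'], $t['js'] );
    }
    return apply_filters( 'upload_mimes', $t );
}

// 1. Before pluggable.php, unguarded: current_user_can() throws; left
//    uncaught, this is the fatal error from the ticket.
try {
    allowed_mime_types_demo( false );
} catch ( Error $e ) {
    echo 'unguarded, early: ', $e->getMessage(), "\n";
}
// 2. Before pluggable.php, guarded: no error, restricted list returned.
echo 'guarded, early:   ', implode( ', ', array_keys( allowed_mime_types_demo( true ) ) ), "\n";
// 3. After pluggable.php: the capability is evaluated normally.
load_pluggable_stand_in();
echo 'guarded, late:    ', implode( ', ', array_keys( allowed_mime_types_demo( true ) ) ), "\n";
```

The point to take from the middle case is that the guarded version fails closed: when the current user cannot be resolved yet, `htm|html` and `js` are removed from the allowed list rather than permitted.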
Attachments (1)
Change History (4)
#3
@
7 months ago
Hi all,
Just taking a look into this issue as it's been sitting for a while, and at first glance I think it makes sense to include the check within the current_user_can() function so as to solve this issue more globally, as opposed to within this specific edge case. For example:
```php
<?php
function current_user_can( $capability, ...$args ) {
	if ( ! function_exists( "wp_get_current_user" ) ) {
		return false;
	}

	return user_can( wp_get_current_user(), $capability, ...$args );
}
```
However, can I check where you are calling get_allowed_mime_types(), as I suspect you are calling it prior to the init hook. Calling your function within this hook, or any of the hooks called post this one, will ensure that most if not all functions are defined ready for use. @giuse if you can expand on where you are calling the function, or where it is failing, I can expand on my reply here.
The proposed solution looks good to me.