Make WordPress Core

Opened 4 years ago

Last modified 4 weeks ago

#55563 new defect (bug)

The function get_allowed_mime_types should check wp_get_current_user

Reported by: giuse Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.9.3
Component: Formatting Keywords: dev-feedback has-patch
Focuses: Cc:

Description

The function get_allowed_mime_types checks if the function current_user_can exists before using it, as you can see at https://developer.wordpress.org/reference/functions/get_allowed_mime_types/.

The function current_user_can calls wp_get_current_user, as you can see at https://developer.wordpress.org/reference/functions/current_user_can/

If the function get_allowed_mime_types is called when wp_get_current_user doesn't exist yet, it triggers a fatal error.

I think get_allowed_mime_types should also check if wp_get_current_user exists. I would write something like this:

<?php
function get_allowed_mime_types( $user = null ) {
    $t = wp_get_mime_types();
 
    unset( $t['swf'], $t['exe'] );
    if ( function_exists( 'current_user_can' ) && function_exists( 'wp_get_current_user' ) ) {
        $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' );
    }
 
    if ( empty( $unfiltered ) ) {
        unset( $t['htm|html'], $t['js'] );
    }
 
    /**
     * Filters list of allowed mime types and file extensions.
     *
     * @since 2.0.0
     *
     * @param array            $t    Mime types keyed by the file extension regex corresponding to those types.
     * @param int|WP_User|null $user User ID, User object or null if not provided (indicates current user).
     */
    return apply_filters( 'upload_mimes', $t, $user );
}

The function wp_get_current_user is defined in wp-includes/pluggable.php, so after all plugins are loaded. This means that if you call sanitize_file_name inside a mu-plugin, or before the action 'plugin_loaded', you have the fatal error.
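The load-order condition described above, reproduced as a stand-alone script (an added example, not part of the ticket or of WordPress core). Every `demo_*` function and the sample MIME map are hypothetical stand-ins constructed for illustration; the script runs with plain `php`, without WordPress.

```php
<?php
// Constructed sample of an extension => MIME type map.
function demo_mime_types() {
    return array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'htm|html'     => 'text/html',
        'js'           => 'application/javascript',
        'exe'          => 'application/x-msdownload',
    );
}

// Defined early in the bootstrap, like current_user_can(), but it depends on
// a function that is only defined later (the pluggable stand-in).
function demo_current_user_can( $capability ) {
    return in_array( $capability, demo_get_current_user()['caps'], true );
}

// $guarded = false mirrors the existing check, true mirrors the proposed one.
function demo_allowed_mime_types( $guarded ) {
    $t = demo_mime_types();
    unset( $t['exe'] );
    $ready = function_exists( 'demo_current_user_can' )
        && ( ! $guarded || function_exists( 'demo_get_current_user' ) );
    if ( $ready ) {
        $unfiltered = demo_current_user_can( 'unfiltered_html' );
    }
    if ( empty( $unfiltered ) ) {
        // Fail closed: no capability answer means no HTML or JS types.
        unset( $t['htm|html'], $t['js'] );
    }
    return array_keys( $t );
}

// Phase 1: "mu-plugin time", the user function is not defined yet.
try {
    demo_allowed_mime_types( false );
} catch ( Error $e ) {
    echo 'unguarded early: ', $e->getMessage(), PHP_EOL;
}
echo 'guarded early:   ', implode( ', ', demo_allowed_mime_types( true ) ), PHP_EOL;

// Phase 2: the pluggable stand-in is defined at runtime, as a conditional
// definition would be; the demo user holds unfiltered_html.
if ( ! function_exists( 'demo_get_current_user' ) ) {
    function demo_get_current_user() {
        return array( 'caps' => array( 'unfiltered_html' ) );
    }
}
echo 'guarded late:    ', implode( ', ', demo_allowed_mime_types( true ) ), PHP_EOL;
```

The guarded early call drops `htm|html` and `js` even though the demo user holds `unfiltered_html`, so a list computed before the user functions load is more restrictive than one computed later and should not be cached across that boundary.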

Attachments (3)

55563.diff (569 bytes) - added by elifvish 4 years ago.
55563.2.diff (569 bytes) - added by bruheshwarinikhil 4 weeks ago.
Updated patch adding function_exists('wp_get_current_user') check and unit tests
55563.3.diff (3.6 KB) - added by bruheshwarinikhil 4 weeks ago.
Updated patch adding function_exists('wp_get_current_user') check and unit tests


Change History (8)

#1 @elifvish
4 years ago

The proposed solution looks good to me.

@elifvish
4 years ago

#2 @elifvish
4 years ago

  • Keywords has-patch added

#3 @callumbw95
11 months ago

Hi all,
Just taking a look into this issue as it's been sitting for a while, and at first glance I think it makes sense to include the check within the current_user_can() function so as to solve this issue more globally, as opposed to within this specific edge case. For example:

<?php
function current_user_can( $capability, ...$args ) {
        if ( !function_exists( "wp_get_current_user" ) ) return false;
        return user_can( wp_get_current_user(), $capability, ...$args );
}

However, can I check where you are calling get_allowed_mime_types(), as I suspect you are calling it prior to the init hook? Calling your function within this hook, or any of the hooks called after this one, will ensure that most if not all functions are defined ready for use. @giuse, if you can expand on where you are calling the function, or where it is failing, I can expand on my reply here.

@bruheshwarinikhil
4 weeks ago

Updated patch adding function_exists('wp_get_current_user') check and unit tests

This ticket was mentioned in PR #11482 on WordPress/wordpress-develop by @bruheshwarinikhil.


4 weeks ago
#4

  • Keywords has-unit-tests added

…s. –Fixes a fatal error when get_allowed_mime_types() is called before wp_get_current_user() is defined (e.g. in a mu-plugin or before the plugin_loaded action). Fixes #55563.

Trac ticket:

## Use of AI Tools

#5 @bruheshwarinikhil
4 weeks ago

  • Keywords has-unit-tests removed

Fixes a fatal error when get_allowed_mime_types() is called before wp_get_current_user() is defined (e.g. in a mu-plugin or before the plugin_loaded action). Fixes #55563.

Adds function_exists( 'wp_get_current_user' ) check alongside the existing current_user_can check so the function degrades safely when the user system isn't loaded yet.

PR Link => https://github.com/WordPress/wordpress-develop/pull/11482

@bruheshwarinikhil
4 weeks ago

Updated patch adding function_exists('wp_get_current_user') check and unit tests
