Opened 8 weeks ago
Last modified 5 weeks ago
#58094 new defect (bug)
CSV files are prevented in PHP 8.1. due to wp_check_filetype_and_ext()
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 6.3 | Priority: | normal |
| Severity: | minor | Version: | 6.2 |
| Component: | Upload | Keywords: | php81 needs-unit-tests has-patch |
| Focuses: | Cc: |
Description
finfo_file() gives different results for the same file in different PHP versions:
PHP 7.4: text/plain
PHP 8.0: application/csv
PHP 8.1: text/csv
The first two are currently allowed by WP, but the latter is not.
Change History (3)
#1
@
8 weeks ago
- Keywords needs-patch php81 needs-unit-tests added
- Milestone changed from Awaiting Review to 6.3
#2
@
8 weeks ago
While the text/csv type is technically allowed
Yes, it's recognised in the code as a valid mime type, but the piece that's missing is that it needs a similar check to the one added in [49049], line 2947, since finfo_file() gives text/csv in PHP 8.1 and thus doesn't match any of the other checks.
Thanks!
This ticket was mentioned in PR #4370 on WordPress/wordpress-develop by @elenachavdarova.
5 weeks ago
#3
- Keywords has-patch added; needs-patch removed
Include text/csv to the list of supported types in wp_check_filetype_and_ext().
Track ticket: https://core.trac.wordpress.org/ticket/58094
Hi there, welcome to WordPress Trac! Thanks for the ticket.
Just noting that this previously came up in comment:49:ticket:50913, and [49049] / #50913 added
application/csvto the list of supported types inwp_check_filetype_and_ext(), so that it works as expected on PHP 8.0.While the
text/csvtype is technically allowed as of [44438] / #45615, it looks like the function may need a new conditional to check for it properly, similar to the one added forapplication/csvin [49049].The unit tests might need some updates too if there is currently an issue with
text/csvthat they don't catch.