Make WordPress Core

Opened 8 weeks ago

Last modified 5 weeks ago

#58094 new defect (bug)

CSV files are prevented in PHP 8.1. due to wp_check_filetype_and_ext()

Reported by: bradshawtm's profile bradshawtm Owned by:
Milestone: 6.3 Priority: normal
Severity: minor Version: 6.2
Component: Upload Keywords: php81 needs-unit-tests has-patch
Focuses: Cc:

Description

finfo_file() gives different results for the same file in different PHP versions:

PHP 7.4: text/plain
PHP 8.0: application/csv
PHP 8.1: text/csv

The first two are currently allowed by WP, but the latter is not.

Change History (3)

#1 @SergeyBiryukov
8 weeks ago

  • Keywords needs-patch php81 needs-unit-tests added
  • Milestone changed from Awaiting Review to 6.3

Hi there, welcome to WordPress Trac! Thanks for the ticket.

Just noting that this previously came up in comment:49:ticket:50913, and [49049] / #50913 added application/csv to the list of supported types in wp_check_filetype_and_ext(), so that it works as expected on PHP 8.0.

While the text/csv type is technically allowed as of [44438] / #45615, it looks like the function may need a new conditional to check for it properly, similar to the one added for application/csv in [49049].

The unit tests might need some updates too if there is currently an issue with text/csv that they don't catch.

#2 @bradshawtm
8 weeks ago

While the text/csv type is technically allowed

Yes, it's recognised in the code as a valid mime type, but the piece that's missing is that it needs a similar check to the one added in [49049], line 2947, since finfo_file() gives text/csv in PHP 8.1 and thus doesn't match any of the other checks.

Thanks!

This ticket was mentioned in PR #4370 on WordPress/wordpress-develop by @elenachavdarova.


5 weeks ago
#3

  • Keywords has-patch added; needs-patch removed

Include text/csv to the list of supported types in wp_check_filetype_and_ext().

Track ticket: https://core.trac.wordpress.org/ticket/58094

Note: See TracTickets for help on using tickets.