Upload: Fix upload failures of common text file types.

This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1. Props Kloon, birgire, tellyworth, joemcgill. See #45615. git-svn-id: https://develop.svn.wordpress.org/trunk@44438 602fd350-edb4-49c9-b593-d223f7449a82
2019-01-07 20:47:56 +00:00 · 2019-01-07 20:47:56 +00:00 · 94c8a5d994
commit 94c8a5d994
parent c7fb3b36ea
2 changed files with 72 additions and 2 deletions
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@ -2569,10 +2569,31 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
 			 * This means that common mismatches are forgiven: application/vnd.apple.numbers is often misidentified as application/zip,
 			 * and some media files are commonly named with the wrong extension (.mov instead of .mp4)
 			 */
-
 			if ( substr( $real_mime, 0, strcspn( $real_mime, '/' ) ) !== substr( $type, 0, strcspn( $type, '/' ) ) ) {
 				$type = $ext = false;
 			}
+		} elseif ( 'text/plain' === $real_mime ) {
+			// A few common file types are occasionally detected as text/plain; allow those.
+			if ( ! in_array( $type, array(
+					'text/plain',
+					'text/csv',
+					'text/richtext',
+					'text/tsv',
+					'text/vtt',
+				) )
+			) {
+				$type = $ext = false;
+			}
+		} elseif( 'text/rtf' === $real_mime ) {
+			// Special casing for RTF files.
+			if ( ! in_array( $type, array(
+					'text/rtf',
+					'text/plain',
+					'application/rtf',
+				) )
+			) {
+				$type = $ext = false;
+			}
 		} else {
 			if ( $type !== $real_mime ) {
 				/*
--- a/tests/phpunit/tests/functions.php
+++ b/tests/phpunit/tests/functions.php
@ -1230,7 +1230,7 @@ class Tests_Functions extends WP_UnitTestCase {
 	}

 	/**
-	 * Data profider for test_wp_get_image_mime();
+	 * Data provider for test_wp_get_image_mime();
 	 */
 	public function _wp_get_image_mime() {
 		$data = array(
@ -1336,6 +1336,55 @@ class Tests_Functions extends WP_UnitTestCase {
 					'proper_filename' => false,
 				),
 			),
+			// Non-image file not allowed even if it's named like one.
+			array(
+				DIR_TESTDATA . '/export/crazy-cdata.xml',
+				'crazy-cdata.jpg',
+				array(
+					'ext' => false,
+					'type' => false,
+					'proper_filename' => false,
+				),
+			),
+			// Non-image file not allowed if it's named like something else.
+			array(
+				DIR_TESTDATA . '/export/crazy-cdata.xml',
+				'crazy-cdata.doc',
+				array(
+					'ext' => false,
+					'type' => false,
+					'proper_filename' => false,
+				),
+			),
+			// Assorted text/* sample files
+			array(
+				DIR_TESTDATA . '/uploads/test.vtt',
+				'test.vtt',
+				array(
+					'ext' => 'vtt',
+					'type' => 'text/vtt',
+					'proper_filename' => false,
+				),
+			),
+			array(
+				DIR_TESTDATA . '/uploads/test.csv',
+				'test.csv',
+				array(
+					'ext' => 'csv',
+					'type' => 'text/csv',
+					'proper_filename' => false,
+				),
+			),
+			// RTF files.
+			array(
+				DIR_TESTDATA . '/uploads/test.rtf',
+				'test.rtf',
+				array(
+					'ext' => 'rtf',
+					'type' => 'application/rtf',
+					'proper_filename' => false,
+				),
+			),
 		);

 		// Test a few additional file types on single sites.