From ba1682a270a1d2400c1c9249089e9218de8e0e9a Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Sat, 10 Nov 2012 05:36:37 +0000 Subject: [PATCH] Don't allow non-image uploads for custom headers and backgrounds. props kovshenin. fixes #22149. git-svn-id: https://develop.svn.wordpress.org/trunk@22521 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/custom-background.php | 8 +++++++- wp-admin/custom-header.php | 8 +++++++- wp-admin/includes/ajax-actions.php | 11 +++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/wp-admin/custom-background.php b/wp-admin/custom-background.php index 6b0a111266..447176e752 100644 --- a/wp-admin/custom-background.php +++ b/wp-admin/custom-background.php @@ -355,7 +355,13 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) ) check_admin_referer('custom-background-upload', '_wpnonce-custom-background-upload'); $overrides = array('test_form' => false); - $file = wp_handle_upload($_FILES['import'], $overrides); + + $uploaded_file = $_FILES['import']; + $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'], false ); + if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) + wp_die( __( 'The uploaded file is not a valid image. Please try again.' ) ); + + $file = wp_handle_upload($uploaded_file, $overrides); if ( isset($file['error']) ) wp_die( $file['error'] ); diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php index 85a22dceba..6c16328845 100644 --- a/wp-admin/custom-header.php +++ b/wp-admin/custom-header.php @@ -768,7 +768,13 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> */ function step_2_manage_upload() { $overrides = array('test_form' => false); - $file = wp_handle_upload($_FILES['import'], $overrides); + + $uploaded_file = $_FILES['import']; + $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'], false ); + if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) + wp_die( __( 'The uploaded file is not a valid image. Please try again.' ) ); + + $file = wp_handle_upload($uploaded_file, $overrides); if ( isset($file['error']) ) wp_die( $file['error'], __( 'Image Upload Error' ) ); diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index 53bfe328fc..4dd8b17605 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -1609,6 +1609,17 @@ function wp_ajax_upload_attachment() { $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array(); + // If the context is custom header or background, make sure the uploaded file is an image. + if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) { + $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false ); + if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) { + wp_send_json_error( array( + 'message' => __( 'The uploaded file is not a valid image. Please try again.' ), + 'filename' => $_FILES['async-upload']['name'], + ) ); + } + } + $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); if ( is_wp_error( $attachment_id ) ) {