Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
WP-r44443: Upload: Fix upload failures of common text file types. #354
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.
Merges https://core.trac.wordpress.org/changeset/44438, https://core.trac.wordpress.org/changeset/44439, https://core.trac.wordpress.org/changeset/44441, and https://core.trac.wordpress.org/changeset/44442 to the 4.9 branch.
WP:Props Kloon, birgire, tellyworth, joemcgill.
As written here https://make.wordpress.org/core/2018/12/13/backwards-compatibility-breaks-in-5-0-1/ for safety reason they added this checks but few plugins was broken after that.
@Mte90 thanks for the additional context, so this change is basically "fix CSV uploads on some servers, and a few other related cases where files are occasionally detected as plain text."
File upload verification is always going to be a mess as long as it relies on the
Still, this seems like a good change to keep up with WP. According to https://core.trac.wordpress.org/ticket/45615#comment:39 and https://core.trac.wordpress.org/ticket/45615#comment:42
There's one more thing I'd like us to do in this PR, which is https://core.trac.wordpress.org/ticket/45707 (adding a new filter parameter that makes it easier to override file upload behavior, if needed). I'll add this commit to the PR now.
If @invisnet has time to look at this PR this week I think that would be a good idea.
Some additional context:
Due to recent hardening of upload file validation, some files (CSV and RTF for example) may fail validation in WP 4.9.x. More info: https://make.wordpress.org/core/2018/12/13/backwards-compatibility-breaks-in-5-0-1/
This was relaxed a bit in a later WP 5.x version (but not in 4.9.x) by allowing "a few common file types [that] are occasionally detected as text/plain" to pass validation. This PR ports the changes to relax validation to ClassicPress.
I was able to confirm the changes work as expected. On my system, the 3 new test files added here fail to upload before these changes and pass after these changes, because they are covered by the new conditions added here:
We haven't had any reports of this as a bug in ClassicPress.
I have been thinking about how we decide whether to accept changes from WP. We can't accept all of them, there are just too many and a lot of them wouldn't make sense anyway. I did come up with something more concrete than that though:
Overall, I think this is good enough to accept.