restricting file upload types #49
Conversation
…-file-upload-types
…-file-upload-types
…ion or version migration
There was a problem hiding this comment.
@kkarpieszuk sorry for being silent for so long time 🙏 and thanks for handling it by yourself!
I've made a first round of reviews and here is my feedback:
- There is an issue once I've checked out to PR branch without additional actions - *.jpg file type is not allowed, see. The same with other natively registered types, e.g. https://a.supportally.com/4NWVC2, https://a.supportally.com/TUH50E. Env.: WP 5.2 / PHP 5.6.
- See comment below.
|
@cheh I have fixed issue with missing option to upload native type even though it was checked as available additionally, I have applied all your suggested changes. In a few comments you asked why I decided for some approach and my general answer is: it was because I changed strategy during the work on this and sometimes I forgot to clean the older apporach (like injecting Plugin class into Allowed). I cleared all such cases and now code should be simpler. |
|
Unfortunately, there is I guess the root of the problem is using |
|
I moved it to separate line for better clarity (also in one more place where I wrapped it in brackets in the same way). @cheh please continue |
There was a problem hiding this comment.
There is an interesting case when the user adds a fake MIME Type with an extension that already exists - https://a.supportally.com/iTIwIg. Personally, I expected that I wasn't able to upload *.numbers file.
| add_filter( 'fileuploadtypes_settings_transform_native_type', [ $this, 'get_upload_type' ] ); | ||
| } | ||
|
|
||
| // phpcs:disable Generic.Metrics.CyclomaticComplexity.TooHigh |
There was a problem hiding this comment.
Looks like this phpcs:disable is unnecessary.
There was a problem hiding this comment.
it is needed in fact: without this, phpcs says the complexity of this method is too high.
src/Restrict/Native/Admin.php
Outdated
|
|
||
| $stored_types = get_option( 'file_upload_types', [] ); | ||
| $native_types = isset( $stored_types['native'] ) ? (array) $stored_types['native'] : []; | ||
| $enabled_types = isset( $stored_types['enabled'] ) ? (array) $stored_types['enabled'] : []; |
There was a problem hiding this comment.
Since it is used in several places, perhaps it could be moved into a separate method (maybe introduce a new Helper class) or global function. So, using that we always receive an array with needed keys (enabled, native, custom).
There was a problem hiding this comment.
introduced new StoredTypes class with magic __get method. It cries for __set method as well but adding it would be completely out of scope of this ticket: if I did it, I would have to rewrite tons of code in this plugin and it will be not related to native types anymore.
So for the time being I didn't touch any code related to setting/saving data to wp_options
|
|
||
| remove_filter( 'upload_mimes', [ $this->allowed, 'allowed_types' ] ); | ||
|
|
||
| self::$unfiltered_types = get_allowed_mime_types(); |
There was a problem hiding this comment.
A good point is to skip types allowed by the FUT plugin.
But what about other third-party plugins that can allow custom/own MIME types?
In that case, we cannot assure that all retrieved types are allowed natively by WordPress.
Does WP have any other ways here?
There was a problem hiding this comment.
"native" name is a bit misinforming here, but I didn't find anything better. In fact the logic here is to add support for any file types which are not coming from our json file.
So it doesn't matter if the file type is natively added by WP plugin or some plugin, other than File Upload Types plugin.
Therefore, the logic here is correct: we just want to get all file types which are not affected by FUT plugin. We should keep this piece of code as is.
| if ( ! empty( $native_types ) ) : | ||
|
|
||
| ?> | ||
| <tr class="section"> |
There was a problem hiding this comment.
Let's create a new abstraction/class for passing data to templates and move HTML markup to a template file.
There was a problem hiding this comment.
I can completely do this, but I vote to create an GH issue for this and handle separately as this is not 100% related to the task. I mean this piece of code is, but what do you think about introducing templates for all html we already have? This code to echo pieces of <table> is here and there: it would be great to convert them to templates as a separate task, what to you say?
src/Migrations/Dispatcher.php
Outdated
| * | ||
| * @since {VERSION} | ||
| * | ||
| * @return void |
There was a problem hiding this comment.
IIRC, we don't have an agreement to add return void for method/functions if they don't return anything. Could you please remove it here and in other places?
| $option_changed = false; | ||
|
|
||
| foreach ( $all_migrations as $name => $callback ) { | ||
| if ( ! isset( $already_run[ $name ] ) && is_callable( $callback ) && $callback() ) { |
There was a problem hiding this comment.
Please, add a blank line before if.
src/Migrations/Dispatcher.php
Outdated
| foreach ( $all_migrations as $name => $callback ) { | ||
| if ( ! isset( $already_run[ $name ] ) && is_callable( $callback ) && $callback() ) { | ||
| $already_run[ $name ] = 1; | ||
| $option_changed = true; |
There was a problem hiding this comment.
Please, remove one extra tab-indent here and above.
src/Migrations/Dispatcher.php
Outdated
| $all_migrations = $this->get_migrations_list(); | ||
| $option_changed = false; | ||
|
|
||
| foreach ( $all_migrations as $name => $callback ) { |
There was a problem hiding this comment.
$this->get_migrations_list() could be used instead of $all_migrations.
src/Settings.php
Outdated
| @@ -290,6 +292,10 @@ public function display_types_table() { // phpcs:ignore Generic.Metrics.NestingL | |||
| } | |||
|
|
|||
| endif; | |||
|
|
|||
| // phpcs:disable WPForms.Comments.PHPDocHooks.RequiredHookDocumentation | |||
| do_action( 'fileuploadtypes_settings_display_types_table_after_enabled_types' ); | |||
There was a problem hiding this comment.
awesomemotive/wpforms-phpcs package has an issue and notify about an invalid hook name incorrectly. For better readability the FileUploadTypes namespace should be converted to file_upload_types.
Could you please change nabes for all new hooks?
Obviously, you will have to use phpcs:disable / phpcs:enable for reducing a noise.
src/Allowed.php
Outdated
| * | ||
| * @var array | ||
| */ | ||
| private $enabled_types; |
There was a problem hiding this comment.
It could be initialized as an empty array.
|
@cheh I've applied most of your suggestions and if I didn't I provided my reasoning comments why not. about this:
Yup, but the same is in In general I found - but I didn't explore it deeply yet, I am still quite new to FUT plugin and mime types handling in WP - WordPress probably in fact ignores mime types when restricting and looks only on file extension. Weird and I might be wrong, but it requires deeper investigation and that's why I suggest a separate ticket. So to sum up again:
|
Fixes #35
Test steps: