WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

wp_check_filetype() from skeltoac. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@3894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-06-21 23:17:19 +00:00
parent 6d7717e159
commit 3cf77a3b19
2 changed files with 64 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
wp-admin/admin-functions.php
View File

@ -1779,45 +1779,6 @@ function wp_handle_upload(&$file, $overrides = false) {
__("Missing a temporary folder."), __("Missing a temporary folder."),
__("Failed to write file to disk.")); __("Failed to write file to disk."));
// Accepted MIME types are set here as PCRE. Override with $override['mimes'].
$mimes = apply_filters('upload_mimes', array (
'jpg|jpeg|jpe' => 'image/jpeg',
'gif' => 'image/gif',
'png' => 'image/png',
'bmp' => 'image/bmp',
'tif|tiff' => 'image/tiff',
'ico' => 'image/x-icon',
'asf|asx|wax|wmv|wmx' => 'video/asf',
'avi' => 'video/avi',
'mov|qt' => 'video/quicktime',
'mpeg|mpg|mpe' => 'video/mpeg',
'txt|c|cc|h' => 'text/plain',
'rtx' => 'text/richtext',
'css' => 'text/css',
'htm|html' => 'text/html',
'mp3|mp4' => 'audio/mpeg',
'ra|ram' => 'audio/x-realaudio',
'wav' => 'audio/wav',
'ogg' => 'audio/ogg',
'mid|midi' => 'audio/midi',
'wma' => 'audio/wma',
'rtf' => 'application/rtf',
'js' => 'application/javascript',
'pdf' => 'application/pdf',
'doc' => 'application/msword',
'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
'wri' => 'application/vnd.ms-write',
'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
'mdb' => 'application/vnd.ms-access',
'mpp' => 'application/vnd.ms-project',
'swf' => 'application/x-shockwave-flash',
'class' => 'application/java',
'tar' => 'application/x-tar',
'zip' => 'application/zip',
'gz|gzip' => 'application/x-gzip',
'exe' => 'application/x-msdownload'
));
// All tests are on by default. Most can be turned off by $override[{test_name}] = false; // All tests are on by default. Most can be turned off by $override[{test_name}] = false;
$test_form = true; $test_form = true;
$test_size = true; $test_size = true;
@ -1845,17 +1806,11 @@ function wp_handle_upload(&$file, $overrides = false) {
if (! @ is_uploaded_file($file['tmp_name']) ) if (! @ is_uploaded_file($file['tmp_name']) )
return $upload_error_handler($file, __('Specified file failed upload test.')); return $upload_error_handler($file, __('Specified file failed upload test.'));
// A correct MIME type will pass this test. // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
if ( $test_type ) { if ( $test_type ) {
$type = false; $wp_filetype = wp_check_filetype($file['name'], $mimes);
$ext = false;
foreach ($mimes as $ext_preg => $mime_match) { extract($wp_filetype);
$ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
$type = $mime_match;
$ext = $ext_matches[1];
}
}
if ( !$type || !$ext ) if ( !$type || !$ext )
return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.')); return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));

61
wp-includes/functions.php
View File

@ -963,7 +963,11 @@ function wp_upload_dir() {
function wp_upload_bits($name, $type, $bits) { function wp_upload_bits($name, $type, $bits) {
if ( empty($name) ) if ( empty($name) )
return array('error' => "Empty filename"); return array('error' => __("Empty filename"));
$wp_filetype = wp_check_filetype($name);
if ( !$wp_filetype['ext'] )
return array('error' => __("Invalid file type"));
$upload = wp_upload_dir(); $upload = wp_upload_dir();
@ -1009,6 +1013,61 @@ function wp_upload_bits($name, $type, $bits) {
return array('file' => $new_file, 'url' => $url, 'error' => false); return array('file' => $new_file, 'url' => $url, 'error' => false);
} }
function wp_check_filetype($filename, $mimes = null) {
// Accepted MIME types are set here as PCRE unless provided.
$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
'jpg|jpeg|jpe' => 'image/jpeg',
'gif' => 'image/gif',
'png' => 'image/png',
'bmp' => 'image/bmp',
'tif|tiff' => 'image/tiff',
'ico' => 'image/x-icon',
'asf|asx|wax|wmv|wmx' => 'video/asf',
'avi' => 'video/avi',
'mov|qt' => 'video/quicktime',
'mpeg|mpg|mpe' => 'video/mpeg',
'txt|c|cc|h' => 'text/plain',
'rtx' => 'text/richtext',
'css' => 'text/css',
'htm|html' => 'text/html',
'mp3|mp4' => 'audio/mpeg',
'ra|ram' => 'audio/x-realaudio',
'wav' => 'audio/wav',
'ogg' => 'audio/ogg',
'mid|midi' => 'audio/midi',
'wma' => 'audio/wma',
'rtf' => 'application/rtf',
'js' => 'application/javascript',
'pdf' => 'application/pdf',
'doc' => 'application/msword',
'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
'wri' => 'application/vnd.ms-write',
'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
'mdb' => 'application/vnd.ms-access',
'mpp' => 'application/vnd.ms-project',
'swf' => 'application/x-shockwave-flash',
'class' => 'application/java',
'tar' => 'application/x-tar',
'zip' => 'application/zip',
'gz|gzip' => 'application/x-gzip',
'exe' => 'application/x-msdownload'
));
$type = false;
$ext = false;
foreach ($mimes as $ext_preg => $mime_match) {
$ext_preg = '!\.(' . $ext_preg . ')$!i';
if ( preg_match($ext_preg, $filename, $ext_matches) ) {
$type = $mime_match;
$ext = $ext_matches[1];
break;
}
}
return compact('ext', 'type');
}
function do_trackbacks($post_id) { function do_trackbacks($post_id) {
global $wpdb; global $wpdb;