From 8dce026973bf8522d6e17b2a21ce1054d7a40c5d Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 21 Jun 2006 23:24:13 +0000 Subject: [PATCH] wp_check_filetype() from skeltoac. git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3895 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-functions.php | 53 +++-------------------------- wp-includes/functions-post.php | 61 +++++++++++++++++++++++++++++++++- 2 files changed, 64 insertions(+), 50 deletions(-) diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index d9cb58f662..a0ecbb8250 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -1664,45 +1664,6 @@ function wp_handle_upload(&$file, $overrides = false) { __("Missing a temporary folder."), __("Failed to write file to disk.")); - // Accepted MIME types are set here as PCRE. Override with $override['mimes']. - $mimes = apply_filters('upload_mimes', array ( - 'jpg|jpeg|jpe' => 'image/jpeg', - 'gif' => 'image/gif', - 'png' => 'image/png', - 'bmp' => 'image/bmp', - 'tif|tiff' => 'image/tiff', - 'ico' => 'image/x-icon', - 'asf|asx|wax|wmv|wmx' => 'video/asf', - 'avi' => 'video/avi', - 'mov|qt' => 'video/quicktime', - 'mpeg|mpg|mpe' => 'video/mpeg', - 'txt|c|cc|h' => 'text/plain', - 'rtx' => 'text/richtext', - 'css' => 'text/css', - 'htm|html' => 'text/html', - 'mp3|mp4' => 'audio/mpeg', - 'ra|ram' => 'audio/x-realaudio', - 'wav' => 'audio/wav', - 'ogg' => 'audio/ogg', - 'mid|midi' => 'audio/midi', - 'wma' => 'audio/wma', - 'rtf' => 'application/rtf', - 'js' => 'application/javascript', - 'pdf' => 'application/pdf', - 'doc' => 'application/msword', - 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', - 'wri' => 'application/vnd.ms-write', - 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel', - 'mdb' => 'application/vnd.ms-access', - 'mpp' => 'application/vnd.ms-project', - 'swf' => 'application/x-shockwave-flash', - 'class' => 'application/java', - 'tar' => 'application/x-tar', - 'zip' => 'application/zip', - 'gz|gzip' => 'application/x-gzip', - 'exe' => 'application/x-msdownload' - )); - // All tests are on by default. Most can be turned off by $override[{test_name}] = false; $test_form = true; $test_size = true; @@ -1730,17 +1691,11 @@ function wp_handle_upload(&$file, $overrides = false) { if (! @ is_uploaded_file($file['tmp_name']) ) return $upload_error_handler($file, __('Specified file failed upload test.')); - // A correct MIME type will pass this test. + // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter. if ( $test_type ) { - $type = false; - $ext = false; - foreach ($mimes as $ext_preg => $mime_match) { - $ext_preg = '![^.]\.(' . $ext_preg . ')$!i'; - if ( preg_match($ext_preg, $file['name'], $ext_matches) ) { - $type = $mime_match; - $ext = $ext_matches[1]; - } - } + $wp_filetype = wp_check_filetype($file['name'], $mimes); + + extract($wp_filetype); if ( !$type || !$ext ) return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.')); diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php index 8713779a71..fd9d8be5bd 100644 --- a/wp-includes/functions-post.php +++ b/wp-includes/functions-post.php @@ -917,7 +917,11 @@ function wp_upload_dir() { function wp_upload_bits($name, $type, $bits) { if ( empty($name) ) - return array('error' => "Empty filename"); + return array('error' => __("Empty filename")); + + $wp_filetype = wp_check_filetype($name); + if ( !$wp_filetype['ext'] ) + return array('error' => __("Invalid file type")); $upload = wp_upload_dir(); @@ -963,4 +967,59 @@ function wp_upload_bits($name, $type, $bits) { return array('file' => $new_file, 'url' => $url, 'error' => false); } +function wp_check_filetype($filename, $mimes = null) { + // Accepted MIME types are set here as PCRE unless provided. + $mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array ( + 'jpg|jpeg|jpe' => 'image/jpeg', + 'gif' => 'image/gif', + 'png' => 'image/png', + 'bmp' => 'image/bmp', + 'tif|tiff' => 'image/tiff', + 'ico' => 'image/x-icon', + 'asf|asx|wax|wmv|wmx' => 'video/asf', + 'avi' => 'video/avi', + 'mov|qt' => 'video/quicktime', + 'mpeg|mpg|mpe' => 'video/mpeg', + 'txt|c|cc|h' => 'text/plain', + 'rtx' => 'text/richtext', + 'css' => 'text/css', + 'htm|html' => 'text/html', + 'mp3|mp4' => 'audio/mpeg', + 'ra|ram' => 'audio/x-realaudio', + 'wav' => 'audio/wav', + 'ogg' => 'audio/ogg', + 'mid|midi' => 'audio/midi', + 'wma' => 'audio/wma', + 'rtf' => 'application/rtf', + 'js' => 'application/javascript', + 'pdf' => 'application/pdf', + 'doc' => 'application/msword', + 'pot|pps|ppt' => 'application/vnd.ms-powerpoint', + 'wri' => 'application/vnd.ms-write', + 'xla|xls|xlt|xlw' => 'application/vnd.ms-excel', + 'mdb' => 'application/vnd.ms-access', + 'mpp' => 'application/vnd.ms-project', + 'swf' => 'application/x-shockwave-flash', + 'class' => 'application/java', + 'tar' => 'application/x-tar', + 'zip' => 'application/zip', + 'gz|gzip' => 'application/x-gzip', + 'exe' => 'application/x-msdownload' + )); + + $type = false; + $ext = false; + + foreach ($mimes as $ext_preg => $mime_match) { + $ext_preg = '!\.(' . $ext_preg . ')$!i'; + if ( preg_match($ext_preg, $filename, $ext_matches) ) { + $type = $mime_match; + $ext = $ext_matches[1]; + break; + } + } + + return compact('ext', 'type'); +} + ?>