Media: Improve image filetype checking.

This adds a new function `wp_get_image_mime()` which is used by
`wp_check_filetype_and_ext()` to validate image files using
`exif_imagetype()` if available instead of `getimagesize()`.

`getimagesize()` is less performant than `exif_imagetype()` and is
dependent on GD. If `exif_imagetype()` is not available, it falls back to
`getimagesize()` as before.

If `wp_check_filetype_and_ext()` can't validate the filetype, we now return
`false` for ext/MIME values.

Merges [39831] to the 3.7 branch.

Built from https://develop.svn.wordpress.org/branches/3.7@39842


git-svn-id: http://core.svn.wordpress.org/branches/3.7@39780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Joe McGill 2017-01-11 13:21:09 +00:00
parent dbb5bf710f
commit e6de513be6
1 changed files with 53 additions and 8 deletions

View File

@ -1878,7 +1878,7 @@ function wp_check_filetype( $filename, $mimes = null ) {
* If it's determined that the extension does not match the file's real type,
* then the "proper_filename" value will be set with a proper filename and extension.
*
* Currently this function only supports validating images known to getimagesize().
* Currently this function only supports renaming images validated via wp_get_image_mime().
*
* @since 3.0.0
*
@ -1899,14 +1899,15 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
if ( ! file_exists( $file ) )
return compact( 'ext', 'type', 'proper_filename' );
// We're able to validate images using GD
if ( $type && 0 === strpos( $type, 'image/' ) && function_exists('getimagesize') ) {
// Validate image types.
if ( $type && 0 === strpos( $type, 'image/' ) ) {
// Attempt to figure out what type of image it actually is
$imgstats = @getimagesize( $file );
$real_mime = wp_get_image_mime( $file );
// If getimagesize() knows what kind of image it really is and if the real MIME doesn't match the claimed MIME
if ( !empty($imgstats['mime']) && $imgstats['mime'] != $type ) {
if ( ! $real_mime ) {
$type = $ext = false;
} elseif ( $real_mime != $type ) {
// This is a simplified array of MIMEs that getimagesize() can detect and their extensions
// You shouldn't need to use this filter, but it's here just in case
$mime_to_ext = apply_filters( 'getimagesize_mimes_to_exts', array(
@ -1918,10 +1919,10 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
) );
// Replace whatever is after the last period in the filename with the correct extension
if ( ! empty( $mime_to_ext[ $imgstats['mime'] ] ) ) {
if ( ! empty( $mime_to_ext[ $real_mime ] ) ) {
$filename_parts = explode( '.', $filename );
array_pop( $filename_parts );
$filename_parts[] = $mime_to_ext[ $imgstats['mime'] ];
$filename_parts[] = $mime_to_ext[ $real_mime ];
$new_filename = implode( '.', $filename_parts );
if ( $new_filename != $filename )
@ -1930,8 +1931,20 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
// Redefine the extension / MIME
$wp_filetype = wp_check_filetype( $new_filename, $mimes );
extract( $wp_filetype );
} else {
$type = $ext = false;
}
}
} elseif ( function_exists( 'finfo_file' ) ) {
// Use finfo_file if available to validate non-image files.
$finfo = finfo_open( FILEINFO_MIME_TYPE );
$real_mime = finfo_file( $finfo, $file );
finfo_close( $finfo );
// If the extension does not match the file's real type, return false.
if ( $real_mime !== $type ) {
$type = $ext = false;
}
}
// Let plugins try and validate other types of files
@ -1939,6 +1952,38 @@ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) {
return apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes );
}
/**
* Returns the real mime type of an image file.
*
* This depends on exif_imagetype() or getimagesize() to determine real mime types.
*
* @since 4.7.1
*
* @param string $file Full path to the file.
* @return string|false The actual mime type or false if the type cannot be determined.
*/
function wp_get_image_mime( $file ) {
/*
* Use exif_imagetype() to check the mimetype if available or fall back to
* getimagesize() if exif isn't avaialbe. If either function throws an Exception
* we assume the file could not be validated.
*/
try {
if ( ! is_callable( 'exif_imagetype' ) ) {
$mime = image_type_to_mime_type( exif_imagetype( $file ) );
} elseif ( function_exists( 'getimagesize' ) ) {
$imagesize = getimagesize( $file );
$mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false;
} else {
$mime = false;
}
} catch ( Exception $e ) {
$mime = false;
}
return $mime;
}
/**
* Retrieve list of mime types and file extensions.
*