Validate MIME type against extensions #120
Conversation
inc/checks/class-validate-mime.php
Outdated
| 'wdp' => array( 'image/vnd.ms-photo' ), | ||
| 'web' => array( 'application/vnd.xara' ), | ||
| 'weba' => array( 'audio/webm' ), | ||
| 'webapp' => array( 'application/x-web-app-manifest+j |
There was a problem hiding this comment.
I'm not quite sure this is the same check as #88 describes...
SHouldn't this check that $file_extension matches $file_mime_type?
There was a problem hiding this comment.
@danielbachhuber
I'm a bit confused 😅 ?
For example, a file can have an extension .jpeg with the following mime-types : image/jpeg, image/pjpeg, in case, the extension is modified to .png, the mime-type will still remain the same and return an error
| @@ -38,3 +38,5 @@ theme-update: | |||
| check: Theme_Update | |||
| php-in-upload: | |||
| check: PHP_In_Upload | |||
| validate-mime: | |||
| check: Validate_Mime | |||
There was a problem hiding this comment.
Can you include a test for this check please?
inc/checks/class-validate-mime.php
Outdated
| 'wdp' => array( 'image/vnd.ms-photo' ), | ||
| 'web' => array( 'application/vnd.xara' ), | ||
| 'weba' => array( 'audio/webm' ), | ||
| 'webapp' => array( 'application/x-web-app-manifest+j |
There was a problem hiding this comment.
It doesn't need to happen in this PR, but we should make sure the uploads directory is only iterated once for all checks, not once for each check.
See #121
There was a problem hiding this comment.
I'm not too keen on having a large list of MIME types that we need to update and maintain over time.
I have created a Composer plugin that pulls down the list of MIME types from the Apache HTTP Server source files and parses them so you can use them in PHP.
You can find the package here: https://github.com/brightnucleus/mime-types
This way, the list of MIME types will keep itself up-to-date.
command.php
Outdated
| @@ -4,6 +4,8 @@ | |||
| return; | |||
| } | |||
|
|
|||
| require 'vendor/autoload.php'; | |||
There was a problem hiding this comment.
You need to check for the existence of this file first, because the folder will not exist if the package is used as a dependency, not a root package:
$autoload = dirname( __FILE__ ) . '/vendor/autoload.php';
if ( file_exists( $autoload ) ) {
require_once $autoload;
}There was a problem hiding this comment.
My apologies. I made the necessary changes.
|
@schlessera Builds are failing because Not sure why it's unable to access protected method under the same class? |
V0.2.0+ changes the generation code to get rid of static access to protected methods, as this seems to cause issues with Travis. See wp-cli#120 (comment)
|
@Sidsector9 I don't understand either what the issue is. The code was tested and working, and there's no reason that I can see why it shouldn't work. Regardless, I pushed a new version of the package that restructures the code to get rid of these protected calls, and bump the required version in your PR. Let's see how that goes... |
schlessera
changed the title
V0.2.0+ changes the generation code to get rid of static access to protected methods, as this seems to cause issues with Travis. See #120 (comment)
GH#88 Added feature to validate MIME type against extensions
See #88