Skip to content

Error when an (image) upload’s mime type is unsupported #8322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
adamsilverstein wants to merge 31 commits into from
Closed

Error when an (image) upload’s mime type is unsupported #8322

adamsilverstein wants to merge 31 commits into from

Conversation

@adamsilverstein
Copy link
Member

@adamsilverstein adamsilverstein commented Feb 14, 2025

Trac ticket: https://core.trac.wordpress.org/ticket/61167

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

This was referenced Feb 14, 2025
Merged
Closed
@adamsilverstein adamsilverstein marked this pull request as ready for review February 14, 2025 21:43
@github-actions
Copy link

github-actions bot commented Feb 14, 2025
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props adamsilverstein, joedolson, sergeybiryukov, johnbillion, swissspidy.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@github-actions
Copy link

github-actions bot commented Feb 14, 2025

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • The Plugin and Theme Directories cannot be accessed within Playground.
  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

joedolson and others added 14 commits February 17, 2025 10:25
@joedolson @adamsilverstein
Customize: Accessibility: Restore heading semantics in sections.
86e9f38 
Remove `role="presentation"` from headings in the customizer. These were needed to avoid confusing semantics when the headings also acted as buttons to control accordions, changed in [59924].

Change responsive CSS to use `screen-reader-text` styling rather than `display: none` so that mobile retains the headings hierarchy.

Props joedolson, hbhalodia, mikinc860, guillaumeturpin, rcreators, tirth03, dhrumilk . 
Fixes #62215.

git-svn-id: https://develop.svn.wordpress.org/trunk@59825 602fd350-edb4-49c9-b593-d223f7449a82
@SergeyBiryukov @adamsilverstein
Coding Standards: Use strict comparison in wp_get_comment_status().
27c455a 
Follow-up to [546], [2258], [5666], [47219], [47808].

Props aristath, poena, afercia, SergeyBiryukov.
See #62279.

git-svn-id: https://develop.svn.wordpress.org/trunk@59826 602fd350-edb4-49c9-b593-d223f7449a82
@SergeyBiryukov @adamsilverstein
Coding Standards: Use strict comparison in pingback().
c7c17c3 
Follow-up to [2983], [38852].

Props aristath, poena, afercia, SergeyBiryukov.
See #62279.

git-svn-id: https://develop.svn.wordpress.org/trunk@59827 602fd350-edb4-49c9-b593-d223f7449a82
@johnbillion @adamsilverstein
Security: Switch to using bcrypt for hashing user passwords and BLAKE…
fe8630b 
…2b for hashing application passwords and security keys.

Passwords and security keys that were saved in prior versions of WordPress will continue to work. Each user's password will be opportunistically rehashed and resaved when they next subsequently log in using a valid password.

The following new functions have been introduced:

* `wp_password_needs_rehash()`
* `wp_fast_hash()`
* `wp_verify_fast_hash()`

The following new filters have been introduced:

* `password_needs_rehash`
* `wp_hash_password_algorithm`
* `wp_hash_password_options`

Props ayeshrajans, bgermann, dd32, deadduck169, desrosj, haozi, harrym, iandunn, jammycakes, joehoyle, johnbillion, mbijon, mojorob, mslavco, my1xt, nacin, otto42, paragoninitiativeenterprises, paulkevan, rmccue, ryanhellyer, scribu, swalkinshaw, synchro, th23, timothyblynjacobs, tomdxw, westi, xknown.

Additional thanks go to the Roots team, Soatok, Calvin Alkan, and Raphael Ahrens.

Fixes #21022, #44628

git-svn-id: https://develop.svn.wordpress.org/trunk@59828 602fd350-edb4-49c9-b593-d223f7449a82
@SergeyBiryukov @adamsilverstein
Docs: Correct formatting for get_the_date and get_the_time DocBlo…
18910a5 
…cks.

Follow-up to [53000].

See #62281.

git-svn-id: https://develop.svn.wordpress.org/trunk@59829 602fd350-edb4-49c9-b593-d223f7449a82
@swissspidy @adamsilverstein
General: Fix force_ssl_admin() to always return bool.
738772d 
Props pbearne, costdev, autotutorial, debarghyabanerjee, swissspidy.
Fixes #60023.

git-svn-id: https://develop.svn.wordpress.org/trunk@59830 602fd350-edb4-49c9-b593-d223f7449a82
@johnbillion @adamsilverstein
Security: Remove use of innerHTML in the `the_block_template_skip_l…
a88eff4 
…ink()` function.

There is no need to support HTML in this string and switching to `innerText` helps facilitate a more restrictive Content Security Policy.

Props micromadness, sabernhardt

Fixes #58765

git-svn-id: https://develop.svn.wordpress.org/trunk@59831 602fd350-edb4-49c9-b593-d223f7449a82
@adamsilverstein
Test uploading unsupported image type
eb41d06
@adamsilverstein
remove namespace copied from gutenberg PR
595a95d
@adamsilverstein
Merge branch 'trunk' into ticket/61167
29cfa8c
@adamsilverstein
phpcbf
36c52a5
@adamsilverstein
ensure file type set before using
a14653d
@adamsilverstein
Add and test new wp_prevent_unsupported_image_uploads filter
d8db732
@adamsilverstein
Add wp_prevent_unsupported_image_uploads filter to media.php
60639c5
@adamsilverstein
Copy link
Member Author

adamsilverstein commented Feb 20, 2025

I added a filter to disable the behavior both in the REST API and in media.php where we set up the upload limitation for the media library. Along the way I noticed we aren't handling support for HEIC images in the core check which might be worth adding in a future ticket.

@swissspidy - appreciate any feedback here on the filter naming and the approach.

@adamsilverstein
Copy link
Member Author

adamsilverstein commented Mar 17, 2025

@swissspidy I have addressed your feedback and this is ready for another review.

swissspidy
swissspidy approved these changes Mar 21, 2025
View reviewed changes
Copy link
Member

@swissspidy swissspidy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now 👍

@adamsilverstein
Copy link
Member Author

adamsilverstein commented Mar 25, 2025

Closing as fixed in https://core.trac.wordpress.org/changeset/60084

@Mamaduka Mamaduka mentioned this pull request Apr 1, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@swissspidy swissspidy swissspidy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@adamsilverstein @swissspidy @joedolson @SergeyBiryukov @johnbillion