add mime type validation for font uploads

add version check for font mimes update ttf mime
WordPress · Sep 13, 2023 · 76cbc0c · 76cbc0c
1 parent b05bee7
commit 76cbc0c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/lib/experimental/fonts/font-library/class-wp-font-family.php b/lib/experimental/fonts/font-library/class-wp-font-family.php
@@ -181,7 +181,8 @@ private function get_upload_overrides( $filename ) {
 			'test_form'                => false,
 			// Seems mime type for files that are not images cannot be tested.
 			// See wp_check_filetype_and_ext().
-			'test_type'                => false,
+			'test_type'                => true,
+			'mimes'                    => WP_Font_Library::ALLOWED_FONT_MIME_TYPES,
 			'unique_filename_callback' => static function () use ( $filename ) {
 				// Keep the original filename.
 				return $filename;
@@ -541,6 +542,7 @@ private function create_or_update_font_post() {
 	 * @return array|WP_Error An array of font family data on success, WP_Error otherwise.
 	 */
 	public function install( $files = null ) {
+		add_filter( 'upload_mimes', array( 'WP_Font_Library', 'set_allowed_mime_types' ) );
 		add_filter( 'upload_dir', array( 'WP_Font_Library', 'set_upload_dir' ) );
 		$were_assets_written = $this->download_or_move_font_faces( $files );
 		remove_filter( 'upload_dir', array( 'WP_Font_Library', 'set_upload_dir' ) );

diff --git a/lib/experimental/fonts/font-library/class-wp-font-library.php b/lib/experimental/fonts/font-library/class-wp-font-library.php
@@ -19,12 +19,18 @@
  * @since 6.4.0
  */
 class WP_Font_Library {
-
+	/*
+	* As of PHP 8.1.12, which includes libmagic/file update to version 5.42,
+	* the expected mime type for WOFF files is 'font/woff'.
+	*
+	* See https://github.com/php/php-src/issues/8805.
+	*/
 	const ALLOWED_FONT_MIME_TYPES = array(
 		'otf'   => 'font/otf',
-		'ttf'   => 'font/ttf',
-		'woff'  => 'font/woff',
-		'woff2' => 'font/woff2',
+		'ttf'   => 'font/sfnt',
+		// 'ttf'   => PHP_VERSION_ID >= 80112 ? 'font/ttf' : 'application/x-font-ttf',
+		'woff'  => PHP_VERSION_ID >= 80112 ? 'font/woff' : 'application/font-woff',
+		'woff2' => PHP_VERSION_ID >= 80112 ? 'font/woff2' : 'application/font-woff2',
 	);
 
 	/**
@@ -118,4 +124,16 @@ public static function set_upload_dir( $defaults ) {
 
 		return $defaults;
 	}
+
+	/**
+	 * Sets the allowed mime types for fonts.
+	 *
+	 * @since 6.4.0
+	 *
+	 * @param array $mime_types List of allowed mime types.
+	 * @return array Modified upload directory.
+	 */
+	public static function set_allowed_mime_types( $mime_types ) {
+		return array_merge( $mime_types, self::ALLOWED_FONT_MIME_TYPES );
+	}
 }