From 76cbc0c5a166411c9bf220576537c6810db00838 Mon Sep 17 00:00:00 2001
From: madhusudhand <madhusudhan.dollu@gmail.com>
Date: Mon, 28 Aug 2023 18:28:30 +0530
Subject: [PATCH] add mime type validation for font uploads

add version check for font mimes

update ttf mime
---
 .../font-library/class-wp-font-family.php     |  4 ++-
 .../font-library/class-wp-font-library.php    | 26 ++++++++++++++++---
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/lib/experimental/fonts/font-library/class-wp-font-family.php b/lib/experimental/fonts/font-library/class-wp-font-family.php
index cacf504382cce8..ea8e3f8e95fdbc 100644
--- a/lib/experimental/fonts/font-library/class-wp-font-family.php
+++ b/lib/experimental/fonts/font-library/class-wp-font-family.php
@@ -181,7 +181,8 @@ private function get_upload_overrides( $filename ) {
 			'test_form'                => false,
 			// Seems mime type for files that are not images cannot be tested.
 			// See wp_check_filetype_and_ext().
-			'test_type'                => false,
+			'test_type'                => true,
+			'mimes'                    => WP_Font_Library::ALLOWED_FONT_MIME_TYPES,
 			'unique_filename_callback' => static function () use ( $filename ) {
 				// Keep the original filename.
 				return $filename;
@@ -541,6 +542,7 @@ private function create_or_update_font_post() {
 	 * @return array|WP_Error An array of font family data on success, WP_Error otherwise.
 	 */
 	public function install( $files = null ) {
+		add_filter( 'upload_mimes', array( 'WP_Font_Library', 'set_allowed_mime_types' ) );
 		add_filter( 'upload_dir', array( 'WP_Font_Library', 'set_upload_dir' ) );
 		$were_assets_written = $this->download_or_move_font_faces( $files );
 		remove_filter( 'upload_dir', array( 'WP_Font_Library', 'set_upload_dir' ) );
diff --git a/lib/experimental/fonts/font-library/class-wp-font-library.php b/lib/experimental/fonts/font-library/class-wp-font-library.php
index 65d0c831c1a371..1541ff5ad5c3fb 100644
--- a/lib/experimental/fonts/font-library/class-wp-font-library.php
+++ b/lib/experimental/fonts/font-library/class-wp-font-library.php
@@ -19,12 +19,18 @@
  * @since 6.4.0
  */
 class WP_Font_Library {
-
+	/*
+	* As of PHP 8.1.12, which includes libmagic/file update to version 5.42,
+	* the expected mime type for WOFF files is 'font/woff'.
+	*
+	* See https://github.com/php/php-src/issues/8805.
+	*/
 	const ALLOWED_FONT_MIME_TYPES = array(
 		'otf'   => 'font/otf',
-		'ttf'   => 'font/ttf',
-		'woff'  => 'font/woff',
-		'woff2' => 'font/woff2',
+		'ttf'   => 'font/sfnt',
+		// 'ttf'   => PHP_VERSION_ID >= 80112 ? 'font/ttf' : 'application/x-font-ttf',
+		'woff'  => PHP_VERSION_ID >= 80112 ? 'font/woff' : 'application/font-woff',
+		'woff2' => PHP_VERSION_ID >= 80112 ? 'font/woff2' : 'application/font-woff2',
 	);
 
 	/**
@@ -118,4 +124,16 @@ public static function set_upload_dir( $defaults ) {
 
 		return $defaults;
 	}
+
+	/**
+	 * Sets the allowed mime types for fonts.
+	 *
+	 * @since 6.4.0
+	 *
+	 * @param array $mime_types List of allowed mime types.
+	 * @return array Modified upload directory.
+	 */
+	public static function set_allowed_mime_types( $mime_types ) {
+		return array_merge( $mime_types, self::ALLOWED_FONT_MIME_TYPES );
+	}
 }