woocommerce / woocommerce

A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.
https://woocommerce.com
9.41k stars 10.76k forks source link

[REST API] Invalid image: URLs which don’t have file extensions don’t work #30836

Closed masteradhoc closed 2 years ago

masteradhoc commented 3 years ago


Describe the bug

When trying to add images to products per API, URLs for pictures which don’t have a file extension don’t work. The images are valid JPGs and can be viewed and downloaded by the browser. For example:

Expected behavior

Image should be uploaded by WooCommerce automatically without an error.

Actual behavior

An error message is shown when trying to upload the image over the API. [image]

Steps to reproduce the bug (We need to be able to reproduce the bug in order to fix it.)

  1. Create or update an article per API and insert a URL to a JPG image without a file extension: [image]

  2. You will get the error message: [image]


WordPress Environment

We use the WooCommerce System Status Report to help us evaluate the issue. Without this report we won't be able to fully evaluate this issue.

tammullen commented 3 years ago

Hi @masteradhoc

I believe this is the expected behaviour due to security reasons. See also: https://github.com/woocommerce/woocommerce/issues/24484#issuecomment-525904610

I am adding the needs developer feedback label to this issue so that the Core team can confirm this.

Please note it may take a few days for them to get to this issue. Thank you for your patience.

masteradhoc commented 3 years ago

@tammullen any feedback for us?

jeffstieler commented 2 years ago

Hello @masteradhoc,

This error is ultimately being thrown by WordPress core in _wp_handle_upload(), relevant lines here: https://github.com/WordPress/WordPress/blob/5.8-branch/wp-admin/includes/file.php#L904-L906

If this behavior is going to be changed, it should be in core.
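
Added example, not part of the thread and not WordPress or WooCommerce code: a pre-flight check an integration could run on a downloaded image before handing it to the API, so that an image served from an extension-less URL is stored or re-hosted under a name whose extension matches its content. The function names, the allowlist and the sample URLs are assumptions made for this illustration.

```php
<?php
// Added example: not WordPress or WooCommerce code. Names and the allowlist are assumptions.
const ALLOWED_IMAGE_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

// Type implied by the extension in the URL path, or null if there is none or it is not allowed.
function type_from_url(string $url): ?string {
    $path = (string) parse_url($url, PHP_URL_PATH);
    $ext  = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return ALLOWED_IMAGE_TYPES[$ext] ?? null;
}

// Type implied by the leading bytes of the content, or null if unrecognised.
function type_from_bytes(string $head): ?string {
    if (strncmp($head, "\xFF\xD8\xFF", 3) === 0)      return 'image/jpeg';
    if (strncmp($head, "\x89PNG\r\n\x1A\n", 8) === 0) return 'image/png';
    if (preg_match('/\AGIF8[79]a/', $head) === 1)     return 'image/gif';
    return null;
}

// Returns a file name whose extension matches the content, or null to reject the file.
function safe_image_name(string $url, string $head): ?string {
    $sniffed = type_from_bytes($head);
    if ($sniffed === null) {
        return null;                       // content is not an allowed image
    }
    $named = type_from_url($url);
    $path  = (string) parse_url($url, PHP_URL_PATH);
    if ($named === null && pathinfo($path, PATHINFO_EXTENSION) !== '') {
        return null;                       // has an extension, but not an allowed one
    }
    if ($named !== null && $named !== $sniffed) {
        return null;                       // extension and content disagree
    }
    $base = (string) preg_replace('/[^A-Za-z0-9_-]/', '', pathinfo($path, PATHINFO_FILENAME));
    $ext  = array_search($sniffed, ALLOWED_IMAGE_TYPES, true);
    return ($base !== '' ? $base : 'image') . '.' . $ext;
}

// Constructed samples: a URL plus the first bytes of the body downloaded from it.
$jpeg = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00";
var_dump(safe_image_name('https://cdn.example.test/media/8f3a1c', $jpeg));            // JPEG, no extension
var_dump(safe_image_name('https://cdn.example.test/media/photo.png', $jpeg));         // JPEG named .png
var_dump(safe_image_name('https://cdn.example.test/media/8f3a1c', '<!DOCTYPE html>')); // not an image
```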