wp-media / imagify-plugin

Speed up your website with lighter images without losing quality.
https://imagify.io

Safe-guard against file type that don't match mime type #874

Closed MathieuLamiot closed 7 months ago

MathieuLamiot commented 7 months ago

Context

Issue reported on Slack: https://wp-media.slack.com/archives/C056ZJMHG0P/p1712218266722999

Expected behavior

Additional Information

Stack trace:

[28-Mar-2024 07:32:02 UTC] PHP Fatal error: Uncaught TypeError: strtolower(): Argument #1 ($string) must be of type string, bool given in /home/jpegr0/public_html/fta/wp-content/plugins/imagify/classes/Optimization/Process/AbstractProcess.php:595
Stack trace:
#0 /home/jpegr0/public_html/fta/wp-content/plugins/imagify/classes/Optimization/Process/AbstractProcess.php(595): strtolower()
#1 /home/jpegr0/public_html/fta/wp-content/plugins/imagify/classes/Job/MediaOptimization.php(181): Imagify\Optimization\Process\AbstractProcess->optimize_size()
#2 /home/jpegr0/public_html/fta/wp-content/plugins/imagify/classes/Job/MediaOptimization.php(66): Imagify\Job\MediaOptimization->task_optimize()
#3 /home/jpegr0/public_html/fta/wp-content/plugins/imagify/inc/classes/Dependencies/deliciousbrains/wp-background-processing/classes/wp-background-process.php(516): Imagify\Job\MediaOptimization->task()
#4 /home/jpegr0/public_html/fta/wp-content/plugins/imagify/inc/classes/Dependencies/deliciousbrains/wp-background-processing/classes/wp-background-process.php(333): Imagify_WP_Background_Process->handle()
#5 /home/jpegr0/public_html/fta/wp-includes/class-wp-hook.php(324): Imagify_WP_Background_Process->maybe_handle()
#6 /home/jpegr0/public_html/fta/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters()
#7 /home/jpegr0/public_html/fta/wp-includes/plugin.php(517): WP_Hook->do_action()
#8 /home/jpegr0/public_html/fta/wp-admin/admin-ajax.php(203): do_action()
#9 {main}
thrown in /home/jpegr0/public_html/fta/wp-content/plugins/imagify/classes/Optimization/Process/AbstractProcess.php on line 595

The issue seems to come from the fact that wp_check_filetype can return false.

The suggested fix in the thread seems to work.

MathieuLamiot commented 7 months ago

How to reproduce

I don't know which file type would not match any mime type. But if we find one, we can apply the optimization process to it to trigger the issue.

How to fix:

Replace the code in /classes/Optimization/Process/AbstractProcess.php:595 with:

            if ( '' === $extension ) {
                // The file name has no extension at all.
                $response = new WP_Error(
                    'no_extension',
                    __( 'With no extension, this file cannot be optimized.', 'imagify' )
                );
            } elseif ( ! $extension ) {
                // No usable extension (e.g. false): return before strtolower() is reached.
                $response = new WP_Error(
                    'extension_not_mime',
                    __( 'This file has an extension that does not match a mime type.', 'imagify' )
                );
            } else {
                // A string extension that is not supported.
                $response = new WP_Error(
                    'extension_not_supported',
                    sprintf(
                        /* translators: %s is a file extension. */
                        __( '%s cannot be optimized.', 'imagify' ),
                        '<code>' . esc_html( strtolower( $extension ) ) . '</code>'
                    )
                );
            }

This adds an exception if the file type does not match mime type.

What to do

Effort: XS
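
Added example (not part of the issue thread and not Imagify's own code): a standalone PHP sketch of the failure in the stack trace and of a type guard following the three branches proposed above. check_filetype_standin() is a simplified stand-in for WordPress's wp_check_filetype(); classify(), the mime map, the supported list and the file names are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1); // with strict types, strtolower(false) throws instead of coercing

// Stand-in for WordPress's wp_check_filetype(): 'ext' and 'type' stay false
// when no pattern in the mime map matches the file name.
function check_filetype_standin( string $filename, array $mimes ): array {
    $ext  = false;
    $type = false;
    foreach ( $mimes as $ext_preg => $mime ) {
        if ( preg_match( '!\.(' . $ext_preg . ')$!i', $filename, $m ) ) {
            $ext  = $m[1];
            $type = $mime;
            break;
        }
    }
    return compact( 'ext', 'type' );
}

// Hypothetical helper: returns 'ok' or an error code following the three
// branches proposed in the issue, checking the type before strtolower().
function classify( string $filename, array $mimes, array $supported ): string {
    $extension = check_filetype_standin( $filename, $mimes )['ext'];
    if ( is_string( $extension ) && in_array( strtolower( $extension ), $supported, true ) ) {
        return 'ok';
    }
    if ( '' === $extension ) {
        return 'no_extension';
    }
    if ( ! $extension ) {
        return 'extension_not_mime';
    }
    return 'extension_not_supported:' . strtolower( $extension );
}

// Constructed sample data, not Imagify's or WordPress's real lists.
$mimes     = array( 'jpg|jpeg|jpe' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf' );
$supported = array( 'jpg', 'jpeg', 'png' );

foreach ( array( 'photo.JPG', 'report.pdf', 'scan.xyz', 'README' ) as $name ) {
    $ext = check_filetype_standin( $name, $mimes )['ext'];
    try {
        $unguarded = strtolower( $ext ); // the failing call pattern from the stack trace
    } catch ( TypeError $e ) {
        $unguarded = 'TypeError';
    }
    printf( "%-11s unguarded=%-9s guarded=%s\n", $name, $unguarded, classify( $name, $mimes, $supported ) );
}
```

The TypeError in the trace depends on strict typing being in effect for the calling file; without it PHP would coerce false to an empty string and the unsupported file would be reported with an empty extension instead of failing.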