From 6fd9b34405761f866aa3270b36712c43c00011c9 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamsilverstein@earthboundhosting.com>
Date: Tue, 25 Mar 2025 14:07:53 +0000
Subject: [PATCH] =?UTF-8?q?Media:=20prevent=20uploading=20image=20types=20?=
 =?UTF-8?q?the=20server=20doesn=E2=80=99t=20support.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Normalize behavior between uploading in the media library and uploading directly to the block editor.  Now, when uploading an image with a mime type the server does not support (either in the media library or the block editor), the user will see an error message “This image cannot be processed by the web server. Convert it to JPEG or PNG before uploading”.

Alos, add a new filter `wp_prevent_unsupported_mime_type_uploads` which determines whether the server should prevent uploads for image types it doesn't support. The default value is true and the filter also receives the uploaded image mime type.

Props: joomskys, adamsilverstein, azaozz, swissspidy, joemcgill, flixos90, audrasjb. 

Fixes #61167


Built from https://develop.svn.wordpress.org/trunk@60084


git-svn-id: http://core.svn.wordpress.org/trunk@59420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/media.php                   | 19 +++++++-----
 .../class-wp-rest-attachments-controller.php  | 30 +++++++++++++++++++
 wp-includes/version.php                       |  2 +-
 3 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 73a2585f84..5c0b5d0b38 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -2194,14 +2194,19 @@ function media_upload_form( $errors = null ) {
 		$plupload_init['multi_selection'] = false;
 	}
 
-	// Check if WebP images can be edited.
-	if ( ! wp_image_editor_supports( array( 'mime_type' => 'image/webp' ) ) ) {
-		$plupload_init['webp_upload_error'] = true;
-	}
+	/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php */
+	$prevent_unsupported_uploads = apply_filters( 'wp_prevent_unsupported_mime_type_uploads', true, null );
 
-	// Check if AVIF images can be edited.
-	if ( ! wp_image_editor_supports( array( 'mime_type' => 'image/avif' ) ) ) {
-		$plupload_init['avif_upload_error'] = true;
+	if ( $prevent_unsupported_uploads ) {
+		// Check if WebP images can be edited.
+		if ( ! wp_image_editor_supports( array( 'mime_type' => 'image/webp' ) ) ) {
+			$plupload_init['webp_upload_error'] = true;
+		}
+
+		// Check if AVIF images can be edited.
+		if ( ! wp_image_editor_supports( array( 'mime_type' => 'image/avif' ) ) ) {
+			$plupload_init['avif_upload_error'] = true;
+		}
 	}
 
 	/**
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
index 0c98a729e4..4c49a1f335 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@@ -134,6 +134,36 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
 				array( 'status' => rest_authorization_required_code() )
 			);
 		}
+		$files = $request->get_file_params();
+
+		/**
+		 * Filter whether the server should prevent uploads for image types it doesn't support. Default true.
+		 *
+		 * Developers can use this filter to enable uploads of certain image types. By default image types that are not
+		 * supported by the server are prevented from being uploaded.
+		 *
+		 * @since 6.8.0
+		 *
+		 * @param bool        $check_mime Whether to prevent uploads of unsupported image types.
+		 * @param string|null $mime_type  The mime type of the file being uploaded (if available).
+		 */
+		$prevent_unsupported_uploads = apply_filters( 'wp_prevent_unsupported_mime_type_uploads', true, isset( $files['file']['type'] ) ? $files['file']['type'] : null );
+
+		// If the upload is an image, check if the server can handle the mime type.
+		if (
+			$prevent_unsupported_uploads &&
+			isset( $files['file']['type'] ) &&
+			str_starts_with( $files['file']['type'], 'image/' )
+		) {
+			// Check if the image editor supports the type.
+			if ( ! wp_image_editor_supports( array( 'mime_type' => $files['file']['type'] ) ) ) {
+				return new WP_Error(
+					'rest_upload_image_type_not_supported',
+					__( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ),
+					array( 'status' => 400 )
+				);
+			}
+		}
 
 		return true;
 	}
diff --git a/wp-includes/version.php b/wp-includes/version.php
index acd44b97b4..e33f5b142b 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.8-beta3-60083';
+$wp_version = '6.8-beta3-60084';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.