WordPress. Загрузка svg-файлов
06.11.2019
Теги: CMS • Web-разработка • WordPress • ПраваДоступа • Файл
WordPress не позволяет загружать в медиатеку что попало. Файлы запрещенных типов загрузить невозможно, потому что у движка есть список допустимых mime-типов. Иногда такая защита мешает, и несмотря на потенциальную опасность, все же нужно иметь возможность загружать файлы выбранных форматов.
Получить список всех типов файлов, которые WordPress понимает, можно с помощью функции wp_get_mime_types()
:
$mimetypes = wp_get_mime_types(); print_r($mimetypes);
Array ( [jpg|jpeg|jpe] => image/jpeg [gif] => image/gif [png] => image/png [bmp] => image/bmp [tiff|tif] => image/tiff [ico] => image/x-icon [asf|asx] => video/x-ms-asf [wmv] => video/x-ms-wmv [wmx] => video/x-ms-wmx [wm] => video/x-ms-wm [avi] => video/avi [divx] => video/divx [flv] => video/x-flv [mov|qt] => video/quicktime [mpeg|mpg|mpe] => video/mpeg [mp4|m4v] => video/mp4 [ogv] => video/ogg [webm] => video/webm [mkv] => video/x-matroska [3gp|3gpp] => video/3gpp [3g2|3gp2] => video/3gpp2 [txt|asc|c|cc|h|srt] => text/plain [csv] => text/csv [tsv] => text/tab-separated-values [ics] => text/calendar [rtx] => text/richtext [css] => text/css [htm|html] => text/html [vtt] => text/vtt [dfxp] => application/ttaf+xml [mp3|m4a|m4b] => audio/mpeg [aac] => audio/aac [ra|ram] => audio/x-realaudio [wav] => audio/wav [ogg|oga] => audio/ogg [flac] => audio/flac [mid|midi] => audio/midi [wma] => audio/x-ms-wma [wax] => audio/x-ms-wax [mka] => audio/x-matroska [rtf] => application/rtf [js] => application/javascript [pdf] => application/pdf [swf] => application/x-shockwave-flash [class] => application/java [tar] => application/x-tar [zip] => application/zip [gz|gzip] => application/x-gzip [rar] => application/rar [7z] => application/x-7z-compressed [exe] => application/x-msdownload [psd] => application/octet-stream [xcf] => application/octet-stream [doc] => application/msword [pot|pps|ppt] => application/vnd.ms-powerpoint [wri] => application/vnd.ms-write [xla|xls|xlt|xlw] => application/vnd.ms-excel [mdb] => application/vnd.ms-access [mpp] => application/vnd.ms-project [docx] => application/vnd.openxmlformats-officedocument.wordprocessingml.document [docm] => application/vnd.ms-word.document.macroEnabled.12 [dotx] => application/vnd.openxmlformats-officedocument.wordprocessingml.template [dotm] => application/vnd.ms-word.template.macroEnabled.12 [xlsx] => application/vnd.openxmlformats-officedocument.spreadsheetml.sheet [xlsm] => application/vnd.ms-excel.sheet.macroEnabled.12 [xlsb] => application/vnd.ms-excel.sheet.binary.macroEnabled.12 [xltx] => application/vnd.openxmlformats-officedocument.spreadsheetml.template [xltm] => application/vnd.ms-excel.template.macroEnabled.12 [xlam] => application/vnd.ms-excel.addin.macroEnabled.12 [pptx] => application/vnd.openxmlformats-officedocument.presentationml.presentation [pptm] => application/vnd.ms-powerpoint.presentation.macroEnabled.12 [ppsx] => application/vnd.openxmlformats-officedocument.presentationml.slideshow [ppsm] => application/vnd.ms-powerpoint.slideshow.macroEnabled.12 [potx] => application/vnd.openxmlformats-officedocument.presentationml.template [potm] => application/vnd.ms-powerpoint.template.macroEnabled.12 [ppam] => application/vnd.ms-powerpoint.addin.macroEnabled.12 [sldx] => application/vnd.openxmlformats-officedocument.presentationml.slide [sldm] => application/vnd.ms-powerpoint.slide.macroEnabled.12 [onetoc|onetoc2|onetmp|onepkg] => application/onenote [oxps] => application/oxps [xps] => application/vnd.ms-xpsdocument [odt] => application/vnd.oasis.opendocument.text [odp] => application/vnd.oasis.opendocument.presentation [ods] => application/vnd.oasis.opendocument.spreadsheet [odg] => application/vnd.oasis.opendocument.graphics [odc] => application/vnd.oasis.opendocument.chart [odb] => application/vnd.oasis.opendocument.database [odf] => application/vnd.oasis.opendocument.formula [wp|wpd] => application/wordperfect [key] => application/vnd.apple.keynote [numbers] => application/vnd.apple.numbers [pages] => application/vnd.apple.pages )
Получить список всех типов файлов, которые разрешено загружать, можно с помощью функции get_allowed_mime_types()
:
$mimetypes = get_allowed_mime_types(); print_r($mimetypes);
Array ( [jpg|jpeg|jpe] => image/jpeg [gif] => image/gif [png] => image/png [bmp] => image/bmp [tiff|tif] => image/tiff [ico] => image/x-icon [asf|asx] => video/x-ms-asf [wmv] => video/x-ms-wmv [wmx] => video/x-ms-wmx [wm] => video/x-ms-wm [avi] => video/avi [divx] => video/divx [flv] => video/x-flv [mov|qt] => video/quicktime [mpeg|mpg|mpe] => video/mpeg [mp4|m4v] => video/mp4 [ogv] => video/ogg [webm] => video/webm [mkv] => video/x-matroska [3gp|3gpp] => video/3gpp [3g2|3gp2] => video/3gpp2 [txt|asc|c|cc|h|srt] => text/plain [csv] => text/csv [tsv] => text/tab-separated-values [ics] => text/calendar [rtx] => text/richtext [css] => text/css [htm|html] => text/html [vtt] => text/vtt [dfxp] => application/ttaf+xml [mp3|m4a|m4b] => audio/mpeg [aac] => audio/aac [ra|ram] => audio/x-realaudio [wav] => audio/wav [ogg|oga] => audio/ogg [flac] => audio/flac [mid|midi] => audio/midi [wma] => audio/x-ms-wma [wax] => audio/x-ms-wax [mka] => audio/x-matroska [rtf] => application/rtf [js] => application/javascript [pdf] => application/pdf [class] => application/java [tar] => application/x-tar [zip] => application/zip [gz|gzip] => application/x-gzip [rar] => application/rar [7z] => application/x-7z-compressed [psd] => application/octet-stream [xcf] => application/octet-stream [doc] => application/msword [pot|pps|ppt] => application/vnd.ms-powerpoint [wri] => application/vnd.ms-write [xla|xls|xlt|xlw] => application/vnd.ms-excel [mdb] => application/vnd.ms-access [mpp] => application/vnd.ms-project [docx] => application/vnd.openxmlformats-officedocument.wordprocessingml.document [docm] => application/vnd.ms-word.document.macroEnabled.12 [dotx] => application/vnd.openxmlformats-officedocument.wordprocessingml.template [dotm] => application/vnd.ms-word.template.macroEnabled.12 [xlsx] => application/vnd.openxmlformats-officedocument.spreadsheetml.sheet [xlsm] => application/vnd.ms-excel.sheet.macroEnabled.12 [xlsb] => application/vnd.ms-excel.sheet.binary.macroEnabled.12 [xltx] => application/vnd.openxmlformats-officedocument.spreadsheetml.template [xltm] => application/vnd.ms-excel.template.macroEnabled.12 [xlam] => application/vnd.ms-excel.addin.macroEnabled.12 [pptx] => application/vnd.openxmlformats-officedocument.presentationml.presentation [pptm] => application/vnd.ms-powerpoint.presentation.macroEnabled.12 [ppsx] => application/vnd.openxmlformats-officedocument.presentationml.slideshow [ppsm] => application/vnd.ms-powerpoint.slideshow.macroEnabled.12 [potx] => application/vnd.openxmlformats-officedocument.presentationml.template [potm] => application/vnd.ms-powerpoint.template.macroEnabled.12 [ppam] => application/vnd.ms-powerpoint.addin.macroEnabled.12 [sldx] => application/vnd.openxmlformats-officedocument.presentationml.slide [sldm] => application/vnd.ms-powerpoint.slide.macroEnabled.12 [onetoc|onetoc2|onetmp|onepkg] => application/onenote [oxps] => application/oxps [xps] => application/vnd.ms-xpsdocument [odt] => application/vnd.oasis.opendocument.text [odp] => application/vnd.oasis.opendocument.presentation [ods] => application/vnd.oasis.opendocument.spreadsheet [odg] => application/vnd.oasis.opendocument.graphics [odc] => application/vnd.oasis.opendocument.chart [odb] => application/vnd.oasis.opendocument.database [odf] => application/vnd.oasis.opendocument.formula [wp|wpd] => application/wordperfect [key] => application/vnd.apple.keynote [numbers] => application/vnd.apple.numbers [pages] => application/vnd.apple.pages )
На первый взгляд, функции выдают одинаковый результат, но это не так:
$types = wp_get_mime_types(); $allowed = get_allowed_mime_types(); print_r(array_diff($types, $allowed));
Array ( [swf] => application/x-shockwave-flash [exe] => application/x-msdownload )
Разрешаем и запрещаем типы файлов для загрузки
Для управления белым списком расширений файлов есть два хука:
upload_mimes
— из функцииget_allowed_mime_types()
wp_check_filetype_and_ext
— из функцииwp_check_filetype_and_ext()
Разрешаем всем загрузку svg и djvu файлов и запрещаем загрузку MS Word файлов:
add_filter('upload_mimes', function ($mimes) { // разрешаем svg и djvu $mimes['svg'] = 'image/svg+xml'; $mimes['djv|djvu'] = 'image/vnd.djvu'; // запрещаем doc и docx unset($mimes['doc']); unset($mimes['docx']); return $mimes; });
Разрешаем загрузку svg файлов только администратору сайта:
add_filter( 'wp_check_filetype_and_ext', function ($type_and_ext, $file, $filename, $mimes, $real_mime) { $user = wp_get_current_user(); // это только для администратора сайта if (in_array('administrator', $user->roles)) { // если загружается файл с расширением svg if('.svg' === strtolower(substr($filename, -4))) { $type_and_ext['ext'] = 'svg'; $type_and_ext['type'] = 'image/svg+xml'; } } return $type_and_ext; }, 10, 5 );
Поиск: CMS • Web-разработка • WordPress • Права доступа • Файл • Загрузка • Mime • svg