WordPress. Загрузка svg-файлов
06.11.2019
Теги: CMS • Web-разработка • WordPress • ПраваДоступа • Файл
WordPress не позволяет загружать в медиатеку что попало. Файлы запрещенных типов загрузить невозможно, потому что у движка есть список допустимых mime-типов. Иногда такая защита мешает, и несмотря на потенциальную опасность, все же нужно иметь возможность загружать файлы выбранных форматов.
Получить список всех типов файлов, которые WordPress понимает, можно с помощью функции wp_get_mime_types():
$mimetypes = wp_get_mime_types(); print_r($mimetypes);
Array
(
[jpg|jpeg|jpe] => image/jpeg
[gif] => image/gif
[png] => image/png
[bmp] => image/bmp
[tiff|tif] => image/tiff
[ico] => image/x-icon
[asf|asx] => video/x-ms-asf
[wmv] => video/x-ms-wmv
[wmx] => video/x-ms-wmx
[wm] => video/x-ms-wm
[avi] => video/avi
[divx] => video/divx
[flv] => video/x-flv
[mov|qt] => video/quicktime
[mpeg|mpg|mpe] => video/mpeg
[mp4|m4v] => video/mp4
[ogv] => video/ogg
[webm] => video/webm
[mkv] => video/x-matroska
[3gp|3gpp] => video/3gpp
[3g2|3gp2] => video/3gpp2
[txt|asc|c|cc|h|srt] => text/plain
[csv] => text/csv
[tsv] => text/tab-separated-values
[ics] => text/calendar
[rtx] => text/richtext
[css] => text/css
[htm|html] => text/html
[vtt] => text/vtt
[dfxp] => application/ttaf+xml
[mp3|m4a|m4b] => audio/mpeg
[aac] => audio/aac
[ra|ram] => audio/x-realaudio
[wav] => audio/wav
[ogg|oga] => audio/ogg
[flac] => audio/flac
[mid|midi] => audio/midi
[wma] => audio/x-ms-wma
[wax] => audio/x-ms-wax
[mka] => audio/x-matroska
[rtf] => application/rtf
[js] => application/javascript
[pdf] => application/pdf
[swf] => application/x-shockwave-flash
[class] => application/java
[tar] => application/x-tar
[zip] => application/zip
[gz|gzip] => application/x-gzip
[rar] => application/rar
[7z] => application/x-7z-compressed
[exe] => application/x-msdownload
[psd] => application/octet-stream
[xcf] => application/octet-stream
[doc] => application/msword
[pot|pps|ppt] => application/vnd.ms-powerpoint
[wri] => application/vnd.ms-write
[xla|xls|xlt|xlw] => application/vnd.ms-excel
[mdb] => application/vnd.ms-access
[mpp] => application/vnd.ms-project
[docx] => application/vnd.openxmlformats-officedocument.wordprocessingml.document
[docm] => application/vnd.ms-word.document.macroEnabled.12
[dotx] => application/vnd.openxmlformats-officedocument.wordprocessingml.template
[dotm] => application/vnd.ms-word.template.macroEnabled.12
[xlsx] => application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
[xlsm] => application/vnd.ms-excel.sheet.macroEnabled.12
[xlsb] => application/vnd.ms-excel.sheet.binary.macroEnabled.12
[xltx] => application/vnd.openxmlformats-officedocument.spreadsheetml.template
[xltm] => application/vnd.ms-excel.template.macroEnabled.12
[xlam] => application/vnd.ms-excel.addin.macroEnabled.12
[pptx] => application/vnd.openxmlformats-officedocument.presentationml.presentation
[pptm] => application/vnd.ms-powerpoint.presentation.macroEnabled.12
[ppsx] => application/vnd.openxmlformats-officedocument.presentationml.slideshow
[ppsm] => application/vnd.ms-powerpoint.slideshow.macroEnabled.12
[potx] => application/vnd.openxmlformats-officedocument.presentationml.template
[potm] => application/vnd.ms-powerpoint.template.macroEnabled.12
[ppam] => application/vnd.ms-powerpoint.addin.macroEnabled.12
[sldx] => application/vnd.openxmlformats-officedocument.presentationml.slide
[sldm] => application/vnd.ms-powerpoint.slide.macroEnabled.12
[onetoc|onetoc2|onetmp|onepkg] => application/onenote
[oxps] => application/oxps
[xps] => application/vnd.ms-xpsdocument
[odt] => application/vnd.oasis.opendocument.text
[odp] => application/vnd.oasis.opendocument.presentation
[ods] => application/vnd.oasis.opendocument.spreadsheet
[odg] => application/vnd.oasis.opendocument.graphics
[odc] => application/vnd.oasis.opendocument.chart
[odb] => application/vnd.oasis.opendocument.database
[odf] => application/vnd.oasis.opendocument.formula
[wp|wpd] => application/wordperfect
[key] => application/vnd.apple.keynote
[numbers] => application/vnd.apple.numbers
[pages] => application/vnd.apple.pages
)
Получить список всех типов файлов, которые разрешено загружать, можно с помощью функции get_allowed_mime_types():
$mimetypes = get_allowed_mime_types(); print_r($mimetypes);
Array
(
[jpg|jpeg|jpe] => image/jpeg
[gif] => image/gif
[png] => image/png
[bmp] => image/bmp
[tiff|tif] => image/tiff
[ico] => image/x-icon
[asf|asx] => video/x-ms-asf
[wmv] => video/x-ms-wmv
[wmx] => video/x-ms-wmx
[wm] => video/x-ms-wm
[avi] => video/avi
[divx] => video/divx
[flv] => video/x-flv
[mov|qt] => video/quicktime
[mpeg|mpg|mpe] => video/mpeg
[mp4|m4v] => video/mp4
[ogv] => video/ogg
[webm] => video/webm
[mkv] => video/x-matroska
[3gp|3gpp] => video/3gpp
[3g2|3gp2] => video/3gpp2
[txt|asc|c|cc|h|srt] => text/plain
[csv] => text/csv
[tsv] => text/tab-separated-values
[ics] => text/calendar
[rtx] => text/richtext
[css] => text/css
[htm|html] => text/html
[vtt] => text/vtt
[dfxp] => application/ttaf+xml
[mp3|m4a|m4b] => audio/mpeg
[aac] => audio/aac
[ra|ram] => audio/x-realaudio
[wav] => audio/wav
[ogg|oga] => audio/ogg
[flac] => audio/flac
[mid|midi] => audio/midi
[wma] => audio/x-ms-wma
[wax] => audio/x-ms-wax
[mka] => audio/x-matroska
[rtf] => application/rtf
[js] => application/javascript
[pdf] => application/pdf
[class] => application/java
[tar] => application/x-tar
[zip] => application/zip
[gz|gzip] => application/x-gzip
[rar] => application/rar
[7z] => application/x-7z-compressed
[psd] => application/octet-stream
[xcf] => application/octet-stream
[doc] => application/msword
[pot|pps|ppt] => application/vnd.ms-powerpoint
[wri] => application/vnd.ms-write
[xla|xls|xlt|xlw] => application/vnd.ms-excel
[mdb] => application/vnd.ms-access
[mpp] => application/vnd.ms-project
[docx] => application/vnd.openxmlformats-officedocument.wordprocessingml.document
[docm] => application/vnd.ms-word.document.macroEnabled.12
[dotx] => application/vnd.openxmlformats-officedocument.wordprocessingml.template
[dotm] => application/vnd.ms-word.template.macroEnabled.12
[xlsx] => application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
[xlsm] => application/vnd.ms-excel.sheet.macroEnabled.12
[xlsb] => application/vnd.ms-excel.sheet.binary.macroEnabled.12
[xltx] => application/vnd.openxmlformats-officedocument.spreadsheetml.template
[xltm] => application/vnd.ms-excel.template.macroEnabled.12
[xlam] => application/vnd.ms-excel.addin.macroEnabled.12
[pptx] => application/vnd.openxmlformats-officedocument.presentationml.presentation
[pptm] => application/vnd.ms-powerpoint.presentation.macroEnabled.12
[ppsx] => application/vnd.openxmlformats-officedocument.presentationml.slideshow
[ppsm] => application/vnd.ms-powerpoint.slideshow.macroEnabled.12
[potx] => application/vnd.openxmlformats-officedocument.presentationml.template
[potm] => application/vnd.ms-powerpoint.template.macroEnabled.12
[ppam] => application/vnd.ms-powerpoint.addin.macroEnabled.12
[sldx] => application/vnd.openxmlformats-officedocument.presentationml.slide
[sldm] => application/vnd.ms-powerpoint.slide.macroEnabled.12
[onetoc|onetoc2|onetmp|onepkg] => application/onenote
[oxps] => application/oxps
[xps] => application/vnd.ms-xpsdocument
[odt] => application/vnd.oasis.opendocument.text
[odp] => application/vnd.oasis.opendocument.presentation
[ods] => application/vnd.oasis.opendocument.spreadsheet
[odg] => application/vnd.oasis.opendocument.graphics
[odc] => application/vnd.oasis.opendocument.chart
[odb] => application/vnd.oasis.opendocument.database
[odf] => application/vnd.oasis.opendocument.formula
[wp|wpd] => application/wordperfect
[key] => application/vnd.apple.keynote
[numbers] => application/vnd.apple.numbers
[pages] => application/vnd.apple.pages
)
На первый взгляд, функции выдают одинаковый результат, но это не так:
$types = wp_get_mime_types(); $allowed = get_allowed_mime_types(); print_r(array_diff($types, $allowed));
Array
(
[swf] => application/x-shockwave-flash
[exe] => application/x-msdownload
)
Разрешаем и запрещаем типы файлов для загрузки
Для управления белым списком расширений файлов есть два хука:
upload_mimes— из функцииget_allowed_mime_types()wp_check_filetype_and_ext— из функцииwp_check_filetype_and_ext()
Разрешаем всем загрузку svg и djvu файлов и запрещаем загрузку MS Word файлов:
add_filter('upload_mimes', function ($mimes) { // разрешаем svg и djvu $mimes['svg'] = 'image/svg+xml'; $mimes['djv|djvu'] = 'image/vnd.djvu'; // запрещаем doc и docx unset($mimes['doc']); unset($mimes['docx']); return $mimes; });
Разрешаем загрузку svg файлов только администратору сайта:
add_filter( 'wp_check_filetype_and_ext', function ($type_and_ext, $file, $filename, $mimes, $real_mime) { $user = wp_get_current_user(); // это только для администратора сайта if (in_array('administrator', $user->roles)) { // если загружается файл с расширением svg if('.svg' === strtolower(substr($filename, -4))) { $type_and_ext['ext'] = 'svg'; $type_and_ext['type'] = 'image/svg+xml'; } } return $type_and_ext; }, 10, 5 );
Поиск: CMS • Web-разработка • WordPress • Права доступа • Файл • Загрузка • Mime • svg