--- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php Fri Sep 05 18:52:52 2025 +0200
@@ -134,6 +134,44 @@
array( 'status' => rest_authorization_required_code() )
);
}
+ $files = $request->get_file_params();
+
+ /**
+ * Filter whether the server should prevent uploads for image types it doesn't support. Default true.
+ *
+ * Developers can use this filter to enable uploads of certain image types. By default image types that are not
+ * supported by the server are prevented from being uploaded.
+ *
+ * @since 6.8.0
+ *
+ * @param bool $check_mime Whether to prevent uploads of unsupported image types.
+ * @param string|null $mime_type The mime type of the file being uploaded (if available).
+ */
+ $prevent_unsupported_uploads = apply_filters( 'wp_prevent_unsupported_mime_type_uploads', true, isset( $files['file']['type'] ) ? $files['file']['type'] : null );
+
+ // If the upload is an image, check if the server can handle the mime type.
+ if (
+ $prevent_unsupported_uploads &&
+ isset( $files['file']['type'] ) &&
+ str_starts_with( $files['file']['type'], 'image/' )
+ ) {
+ // List of non-resizable image formats.
+ $editor_non_resizable_formats = array(
+ 'image/svg+xml',
+ );
+
+ // Check if the image editor supports the type or ignore if it isn't a format resizable by an editor.
+ if (
+ ! in_array( $files['file']['type'], $editor_non_resizable_formats, true ) &&
+ ! wp_image_editor_supports( array( 'mime_type' => $files['file']['type'] ) )
+ ) {
+ return new WP_Error(
+ 'rest_upload_image_type_not_supported',
+ __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ),
+ array( 'status' => 400 )
+ );
+ }
+ }
return true;
}
@@ -339,8 +377,7 @@
*
* @since 4.7.0
*
- * @param WP_Post $attachment Inserted or updated attachment
- * object.
+ * @param WP_Post $attachment Inserted or updated attachment object.
* @param WP_REST_Request $request The request sent to the API.
* @param bool $creating True when creating an attachment, false when updating.
*/
@@ -450,7 +487,7 @@
}
/**
- * Performs post processing on an attachment.
+ * Performs post-processing on an attachment.
*
* @since 5.3.0
*
@@ -471,7 +508,7 @@
}
/**
- * Checks if a given request can perform post processing on an attachment.
+ * Checks if a given request can perform post-processing on an attachment.
*
* @since 5.3.0
*
@@ -531,7 +568,7 @@
);
}
- $supported_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif' );
+ $supported_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif', 'image/heic' );
$mime_type = get_post_mime_type( $attachment_id );
if ( ! in_array( $mime_type, $supported_types, true ) ) {
return new WP_Error(
@@ -601,7 +638,7 @@
$args = $modifier['args'];
switch ( $modifier['type'] ) {
case 'rotate':
- // Rotation direction: clockwise vs. counter clockwise.
+ // Rotation direction: clockwise vs. counterclockwise.
$rotate = 0 - $args['angle'];
if ( 0 !== $rotate ) {
@@ -661,7 +698,7 @@
$filename = "{$image_name}.{$image_ext}";
- // Create the uploads sub-directory if needed.
+ // Create the uploads subdirectory if needed.
$uploads = wp_upload_dir();
// Make the file name unique in the (new) upload directory.
@@ -1207,7 +1244,7 @@
continue;
}
- list( $type, $attr_parts ) = explode( ';', $value, 2 );
+ list( , $attr_parts ) = explode( ';', $value, 2 );
$attr_parts = explode( ';', $attr_parts );
$attributes = array();