diff -r 48c4eec2b7e6 -r 8c2e4d02f4ef wp/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php --- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php Fri Sep 05 18:40:08 2025 +0200 +++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php Fri Sep 05 18:52:52 2025 +0200 @@ -134,6 +134,44 @@ array( 'status' => rest_authorization_required_code() ) ); } + $files = $request->get_file_params(); + + /** + * Filter whether the server should prevent uploads for image types it doesn't support. Default true. + * + * Developers can use this filter to enable uploads of certain image types. By default image types that are not + * supported by the server are prevented from being uploaded. + * + * @since 6.8.0 + * + * @param bool $check_mime Whether to prevent uploads of unsupported image types. + * @param string|null $mime_type The mime type of the file being uploaded (if available). + */ + $prevent_unsupported_uploads = apply_filters( 'wp_prevent_unsupported_mime_type_uploads', true, isset( $files['file']['type'] ) ? $files['file']['type'] : null ); + + // If the upload is an image, check if the server can handle the mime type. + if ( + $prevent_unsupported_uploads && + isset( $files['file']['type'] ) && + str_starts_with( $files['file']['type'], 'image/' ) + ) { + // List of non-resizable image formats. + $editor_non_resizable_formats = array( + 'image/svg+xml', + ); + + // Check if the image editor supports the type or ignore if it isn't a format resizable by an editor. + if ( + ! in_array( $files['file']['type'], $editor_non_resizable_formats, true ) && + ! wp_image_editor_supports( array( 'mime_type' => $files['file']['type'] ) ) + ) { + return new WP_Error( + 'rest_upload_image_type_not_supported', + __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ), + array( 'status' => 400 ) + ); + } + } return true; } @@ -339,8 +377,7 @@ * * @since 4.7.0 * - * @param WP_Post $attachment Inserted or updated attachment - * object. + * @param WP_Post $attachment Inserted or updated attachment object. * @param WP_REST_Request $request The request sent to the API. * @param bool $creating True when creating an attachment, false when updating. */ @@ -450,7 +487,7 @@ } /** - * Performs post processing on an attachment. + * Performs post-processing on an attachment. * * @since 5.3.0 * @@ -471,7 +508,7 @@ } /** - * Checks if a given request can perform post processing on an attachment. + * Checks if a given request can perform post-processing on an attachment. * * @since 5.3.0 * @@ -531,7 +568,7 @@ ); } - $supported_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif' ); + $supported_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif', 'image/heic' ); $mime_type = get_post_mime_type( $attachment_id ); if ( ! in_array( $mime_type, $supported_types, true ) ) { return new WP_Error( @@ -601,7 +638,7 @@ $args = $modifier['args']; switch ( $modifier['type'] ) { case 'rotate': - // Rotation direction: clockwise vs. counter clockwise. + // Rotation direction: clockwise vs. counterclockwise. $rotate = 0 - $args['angle']; if ( 0 !== $rotate ) { @@ -661,7 +698,7 @@ $filename = "{$image_name}.{$image_ext}"; - // Create the uploads sub-directory if needed. + // Create the uploads subdirectory if needed. $uploads = wp_upload_dir(); // Make the file name unique in the (new) upload directory. @@ -1207,7 +1244,7 @@ continue; } - list( $type, $attr_parts ) = explode( ';', $value, 2 ); + list( , $attr_parts ) = explode( ';', $value, 2 ); $attr_parts = explode( ';', $attr_parts ); $attributes = array();