Font Library backend: can we use _wp_handle_upload() mime type validation ?

[matiasbenedetto]

What ?

Could we use _wp_handle_upload() mime type validation in the Font Library backend ?

See:

gutenberg/lib/experimental/fonts-library/class-wp-font-family.php

Line 184 in 69d9ca3

'test_type' => false,

gutenberg/lib/experimental/fonts-library/class-wp-font-family.php

Line 227 in 69d9ca3

$handled_file = wp_handle_upload( $file, $overrides );

gutenberg/lib/experimental/fonts-library/class-wp-font-family.php

Line 278 in 69d9ca3

$handled_file = wp_handle_upload( $file, $overrides );

_wp_handle_upload() documents a 'mimes' key for $overrides which gets passed to wp_check_filetype_and_ext(), so would something like this work?

'test_type' => true,
'mimes'     => array(
	'woff' => PHP_VERSION_ID >= 80112 ? 'font/woff' : 'application/font-woff',
	'and'  => 'so on',
),

Context

See this @costdev 's comment here:
#52704 (comment)

Tracking issue

Part of Fonts Library implementation effort:
#52698

[madhusudhand]

@matiasbenedetto @costdev

I looked into the issue and the check fails because of the following.

The function _wp_handle_upload makes a call to wp_check_filetype_and_ext to get file type and extension and then validates them against given mime types.

But the function wp_check_filetype_and_ext returns type and ext as false because the real_mime returned for the font files is application/octet-stream
following condition makes it fail as it doesn't fall under any of 'application', 'video', 'audio'

/*
* If $real_mime doesn't match the content type we're expecting from the file's extension,
* we need to do some additional vetting. Media types and those listed in $nonspecific_types are
* allowed some leeway, but anything else must exactly match the real content type.
*/
if ( in_array( $real_mime, $nonspecific_types, true ) ) {
	// File is a non-specific binary type. That's ok if it's a type that generally tends to be binary.
	if ( ! in_array( substr( $type, 0, strcspn( $type, '/' ) ), array( 'application', 'video', 'audio' ), true ) ) {
		$type = false;
		$ext  = false;
	}
}

WordPress core should add support for font in this array array( 'application', 'video', 'audio') to support mime check for fonts.

[matiasbenedetto]

I think we should consider adding font to this array. Do you think it creates any issues?

Yes, that could work. I'm not aware of specific restrictions about that maybe @azaozz could add more input here.
Meanwhile, I think it could be good to submit a PR with the fix and discuss it there.

[madhusudhand]

Related to: php/php-src#8805

Trac issue: https://core.trac.wordpress.org/ticket/59277#ticket