From 1277aaf3b9e44d50064b6587eb6bb5c962062282 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 18:04:46 +0000
Subject: [PATCH 1/3] Initial plan


From 25a7dd5fef5724261c681c1b56ed9f96ba91b7ae Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 18:32:16 +0000
Subject: [PATCH 2/3] Prevent Media Library upload errors for disallowed file
 types (e.g., SVG)

Add an elseif check in try_save_featured_image() that detects when a
downloaded file's MIME type is not in WordPress's allowed upload types.
Instead of proceeding with media_handle_sideload() which would fail and
log an error, it now gracefully skips the upload with a debug-level log
message, cleans up the temporary file, and returns false.

This prevents the "Sorry, you are not allowed to upload this file type"
error spam in log reports when Feedzy uses its default feedzy.svg
placeholder as a featured image during imports.

Agent-Logs-Url: https://github.com/Codeinwp/feedzy-rss-feeds/sessions/0f3a59f0-d3d7-48d2-bf51-c093e46abd44

Co-authored-by: kushh23 <110405452+kushh23@users.noreply.github.com>
---
 includes/admin/feedzy-rss-feeds-import.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/includes/admin/feedzy-rss-feeds-import.php b/includes/admin/feedzy-rss-feeds-import.php
index 701eaf3f..1ca572ac 100644
--- a/includes/admin/feedzy-rss-feeds-import.php
+++ b/includes/admin/feedzy-rss-feeds-import.php
@@ -3061,6 +3061,23 @@ private function try_save_featured_image( $img_source_url, $post_id, $post_title
 
 					return false;
 				}
+			} elseif ( ! empty( $type ) ) {
+				// The file type is not allowed by WordPress (e.g., SVG).
+				// Skip the upload gracefully to avoid error log spam.
+				Feedzy_Rss_Feeds_Log::debug(
+					// translators: %1$s is the MIME type, %2$s is the image source URL.
+					sprintf( __( 'Skipping image upload — file type "%1$s" is not allowed by WordPress: %2$s', 'feedzy-rss-feeds' ), $type, $img_source_url ),
+					array(
+						'post_id'        => $post_id,
+						'img_source_url' => $img_source_url,
+						'mime_type'      => $type,
+					)
+				);
+
+				// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_unlink
+				unlink( $local_file );
+
+				return false;
 			}
 
 			$file_array['tmp_name'] = $local_file;

From a776cbe968694fcbd0edbdad641e13c2b47ba335 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 18 May 2026 21:50:08 +0000
Subject: [PATCH 3/3] Normalize MIME type before allowed-type check to prevent
 false rejections

Lowercase the type and strip parameters (e.g., "; charset=UTF-8") so
that content-type values from HTTP headers match get_allowed_mime_types()
correctly and valid images are not incorrectly skipped.

Agent-Logs-Url: https://github.com/Codeinwp/feedzy-rss-feeds/sessions/c5a4d11c-804a-4e60-8284-9695b1527dc8

Co-authored-by: kushh23 <110405452+kushh23@users.noreply.github.com>
---
 includes/admin/feedzy-rss-feeds-import.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/includes/admin/feedzy-rss-feeds-import.php b/includes/admin/feedzy-rss-feeds-import.php
index 1ca572ac..daf69a32 100644
--- a/includes/admin/feedzy-rss-feeds-import.php
+++ b/includes/admin/feedzy-rss-feeds-import.php
@@ -3036,6 +3036,11 @@ private function try_save_featured_image( $img_source_url, $post_id, $post_title
 				$type = $this->get_file_type_by_url( $img_source_url );
 			}
 
+			// Normalize the MIME type: lowercase and strip any parameters (e.g., "; charset=UTF-8").
+			if ( ! empty( $type ) ) {
+				$type = strtolower( trim( explode( ';', $type )[0] ) );
+			}
+
 			// the file is downloaded with a .tmp extension
 			// if the URL mentions the extension of the file, the upload succeeds
 			// but if the URL is like https://source.unsplash.com/random, then the upload fails