Gracefully skip media sideload for disallowed MIME types (e.g., SVG)

includes/admin/feedzy-rss-feeds-import.php

@@ -1,3 +1,3 @@
 <?php
 /**
  * The admin-specific functionality of the plugin.
@@ -756,7 +756,7 @@
 			// Added this to activate post if publish is clicked and sometimes it does not change status.
 			if (
 				$source_is_valid && isset( $_POST['custom_post_status'] ) &&
 				'Publish' === sanitize_text_field( $_POST['custom_post_status'] )
 			) {
 				$activate = array(
 					'ID'          => $post_id,
@@ -1365,7 +1365,7 @@
 	private function get_taxonomies() {
 		check_ajax_referer( FEEDZY_BASEFILE, 'security' );
 
 		$post_type  = isset( $_POST['post_type'] ) ? sanitize_text_field( $_POST['post_type'] ) : '';
 		$taxonomies = get_object_taxonomies(
 			array(
 				'post_type' => $post_type,
@@ -1436,7 +1436,7 @@
 	private function dry_run() {
 		check_ajax_referer( FEEDZY_BASEFILE, 'security' );
 
 		$fields = urldecode( isset( $_POST['fields'] ) ? sanitize_url( $_POST['fields'] ) : '' );
 		parse_str( $fields, $data );
 
 		$feedzy_meta_data = $data['feedzy_meta_data'];
@@ -1596,7 +1596,7 @@
 				do_action( 'feedzy_run_cron_extra', $job );
 			} catch ( Exception $e ) {
 				if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
 					error_log( '[Feedzy Run Cron][Post title: ' . ( ! empty( $job->post_title ) ? $job->post_title : '' ) . '] Error: ' . $e->getMessage() );
 				}
 
 				Feedzy_Rss_Feeds_Log::error(
@@ -1791,7 +1791,7 @@
 		delete_post_meta( $job->ID, 'import_info' );
 
 		// let's increase this time in case spinnerchief/wordai is being used.
 		set_time_limit( apply_filters( 'feedzy_max_execution_time', 500 ) );
 
 		$count               = 0;
 		$index               = 0;
@@ -3036,6 +3036,11 @@
 				$type = $this->get_file_type_by_url( $img_source_url );
 			}
 
+			// Normalize the MIME type: lowercase and strip any parameters (e.g., "; charset=UTF-8").
+			if ( ! empty( $type ) ) {
+				$type = strtolower( trim( explode( ';', $type )[0] ) );
+			}
+
 			// the file is downloaded with a .tmp extension
 			// if the URL mentions the extension of the file, the upload succeeds
 			// but if the URL is like https://source.unsplash.com/random, then the upload fails
@@ -3044,7 +3049,7 @@
 				$new_local_file = str_replace( '.tmp', str_replace( 'image/', '.', $type ), $local_file );
 
 				// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_rename
 				$renamed = rename( $local_file, $new_local_file );
 				if ( $renamed ) {
 					$local_file = $new_local_file;
 				} else {
@@ -3061,6 +3066,23 @@
 
 					return false;
 				}
+			} elseif ( ! empty( $type ) ) {
+				// The file type is not allowed by WordPress (e.g., SVG).
+				// Skip the upload gracefully to avoid error log spam.
+				Feedzy_Rss_Feeds_Log::debug(
+					// translators: %1$s is the MIME type, %2$s is the image source URL.
+					sprintf( __( 'Skipping image upload — file type "%1$s" is not allowed by WordPress: %2$s', 'feedzy-rss-feeds' ), $type, $img_source_url ),
+					array(
+						'post_id'        => $post_id,
+						'img_source_url' => $img_source_url,
+						'mime_type'      => $type,
+					)
+				);
+
+				// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_unlink
+				unlink( $local_file );
+
+				return false;
 			}
 
 			$file_array['tmp_name'] = $local_file;
@@ -3078,7 +3100,7 @@
 				);
 
 				// phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_unlink
 				unlink( $file_array['tmp_name'] );
 
 				return false;
 			}
@@ -3135,7 +3157,7 @@
 
 		if (
 			( isset( $_POST['nonce'] ) && isset( $_POST['tab'] ) ) &&
 			wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), sanitize_text_field( $_POST['tab'] ) )
 		) {
 			if ( ! empty( $_POST['fz_cron_schedule'] ) ) {
 				$schedule = sanitize_text_field( wp_unslash( $_POST['fz_cron_schedule'] ) );
@@ -3388,7 +3410,7 @@
 	public function save_tab_settings( $settings, $tab ) {
 		if (
 			! isset( $_POST['nonce'] ) ||
 			! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), $tab )
 		) {
 			return array();
 		}