Commit 1bcda42567 for wordpress.org

commit 1bcda42567b71acf2d12bd4cd8c79c891972c35c
Author: John Blackbourn <johnbillion@git.wordpress.org>
Date:   Sun Oct 18 21:06:05 2020 +0000

    Media: Add an `image_sideload_extensions` filter to the list of allowed file extensions when sideloading an image from a URL.

    Props paulschreiber, hellofromTonya

    Fixes #50695

    Built from https://develop.svn.wordpress.org/trunk@49198


    git-svn-id: http://core.svn.wordpress.org/trunk@48960 1a063a9b-81f0-0310-95a4-ce76da25c4cd

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index e2f21426dd..1efea2f0ee 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -980,8 +980,29 @@ function wp_media_upload_handler() {
 function media_sideload_image( $file, $post_id = 0, $desc = null, $return = 'html' ) {
 	if ( ! empty( $file ) ) {

+		$allowed_extensions = array( 'jpg', 'jpeg', 'jpe', 'png', 'gif' );
+
+		/**
+		 * Filters the list of allowed file extensions when sideloading an image from a URL.
+		 *
+		 * The default allowed extensions are:
+		 *
+		 *  - `jpg`
+		 *  - `jpeg`
+		 *  - `jpe`
+		 *  - `png`
+		 *  - `gif`
+		 *
+		 * @since 5.6.0
+		 *
+		 * @param string[] $allowed_extensions Array of allowed file extensions.
+		 * @param string   $file               The URL of the image to download.
+		 */
+		$allowed_extensions = apply_filters( 'image_sideload_extensions', $allowed_extensions, $file );
+		$allowed_extensions = array_map( 'preg_quote', $allowed_extensions );
+
 		// Set variables for storage, fix file filename for query strings.
-		preg_match( '/[^\?]+\.(jpe?g|jpe|gif|png)\b/i', $file, $matches );
+		preg_match( '/[^\?]+\.(' . implode( '|', $allowed_extensions ) . ')\b/i', $file, $matches );

 		if ( ! $matches ) {
 			return new WP_Error( 'image_sideload_failed', __( 'Invalid image URL.' ) );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index e894aaf0c7..dbacca2327 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.6-alpha-49197';
+$wp_version = '5.6-alpha-49198';

 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.