[wp-trac] Re: [WordPress Trac] #4136: Admin should not by stopped
from uploading any type of file
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 11 20:36:25 GMT 2007
#4136: Admin should not by stopped from uploading any type of file
----------------------------+-----------------------------------------------
Reporter: foolswisdom | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.3
Component: Administration | Version: 2.2
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by jhodgdon):
I verified the bug report: if you try to upload a file with ODT extension,
it fails with the given warning. It is probably more or less version
independent, because the "security check" is done in function
wp_check_filetype in wp-includes/functions.php, where the file extension
is checked against a list of known MIME types, and ODT is not in that
list.
However, there is no way the list of MIME types in that function will ever
be complete -- there are too many MIME types out there. There is also a
plugin hook there (upload_mimes), so anyone wanting to allow new file
types can write a plugin to do it. So why choose to add this particular
MIME type and not a whole host of others? I am not in favor of adding this
particular one, necessarily.
As far as the question of allowing admin to upload whatever file admin
wants to, this makes more sense to me, but I think it should be
implemented with something like this:
current_user_can( 'override_upload_mimes' )
This would go into function wp_handle_upload in file wp-
admin/admin_functions.php, and then of course the admin user would have to
be given this permission by default... not sure how to do that...
--
Ticket URL: <http://trac.wordpress.org/ticket/4136#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list