[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Thu May 2 20:21:22 UTC 2013
#24251: Reconsider SVG inclusion to get_allowed_mime_types
------------------------------------+------------------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: minor | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------------------
Comment (by nacin):
There are also XXE vulnerabilities to be weary of.
There is an ALLOW_UNFILTERED_UPLOADS constant. There are also plugins that
enable users to add types. Given how much would be required to make sure
these are safe, this is a wontfix for now (and probably for a long while).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24251#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list