[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types

WordPress Trac noreply at wordpress.org
Thu May 2 20:21:22 UTC 2013


#24251: Reconsider SVG inclusion to get_allowed_mime_types
------------------------------------+------------------------------
 Reporter:  JustinSainton           |       Owner:
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Upload                  |     Version:
 Severity:  minor                   |  Resolution:
 Keywords:  has-patch dev-feedback  |
------------------------------------+------------------------------

Comment (by nacin):

 There are also XXE vulnerabilities to be weary of.

 There is an ALLOW_UNFILTERED_UPLOADS constant. There are also plugins that
 enable users to add types. Given how much would be required to make sure
 these are safe, this is a wontfix for now (and probably for a long while).

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/24251#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list