[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types

WordPress Trac noreply at wordpress.org
Wed Jun 3 09:01:44 UTC 2015


#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+----------------------
 Reporter:  JustinSainton  |       Owner:
     Type:  enhancement    |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  Upload         |     Version:
 Severity:  normal         |  Resolution:  wontfix
 Keywords:                 |     Focuses:
---------------------------+----------------------

Comment (by LewisCowles):

 What an asinine response. Most of the CVEs are browser specific, version
 specific, OS specific and / or library specific where the same exists
 between browsers; not to mention ARE A FRONT-END ISSUE, NOT A WORDPRESS
 CODEBASE ISSUE!!! i.e. http://www.cvedetails.com/cve/CVE-2014-1745/, which
 is a CVE caused by a TAG... Again, I suggest RESTRICT ALL USERS, which
 mitigates potential risk a lot better than banning a file-format, so ban
 your author that has the dodgy SVG, and it won't affect your users because
 you will have an editor! (Use the roles, Luke...) What you report to think
 is rational, is like eating with your hands because knives and forks are
 pointy, and might stab or slice, because there are thousands of cases
 every year of that happening...

 On your point on toasters, that is a false analogy. I have not said it is
 reasonable to assume the WordPress uploader should do anything but upload
 valid WWW media files. Also out of the remit of the uploader should be
 checking licenses, and other such minutiae I have not mentioned... It would
 be fair to assume that it should not upload files known to not be
 supported in targeted browsers, but SVG has very good support in modern
 browsers. I'm not even against the middle-ground of them being turned off
 with an admin option to enable them, but this is not something even
 considered in this polarized non-debate.

 A more correct analogy would be, when I put something that fits in the
 toaster, have the toaster powered on, and pull down the lever on the
 toaster; I expect it to turn on, and create heat, subject to the working
 condition of the heating elements. I do not expect it to respond only to
 specific brands of bread, or to check the chemical consistency to stop me
 heating up plastics, or toxic matter.

 LESSON?
 The toaster manufacturers go to very little effort to stop me doing what I
 like with my toaster, because it is REASONABLE to assume that only a
 special kind of idiot would misuse the toaster. They also don't have cut-
 off switches for electrical shorts etc, because you shouldn't be fiddling
 with the toaster! (See https://www.youtube.com/watch?v=oz0Dln1_QnA)

 To be honest I am not even pushing for SVG on your platform any more, I
 have given up on it, along with the desire to give anything back to the
 Core. From the TRAC discussions I have been involved in, I am less than
 impressed with the rest of WordPress, as it also suffers this hyperbolic
 nonsense, which does not seem restricted to media file support, and I have
 witnessed failing, despite all the red tape...

 Bottom line I have a plugin that works, and I make sure anyone that reads
 the comments in the code, or asks why they need a plugin for a basic file-
 format, knows it exists only because of a fringe of paranoid academia,
 that is prevalent in design by committee.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

