[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Sat Feb 27 13:51:55 UTC 2016
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+------------------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early | Focuses:
---------------------------+------------------------------
Comment (by LewisCowles):
This thread is like the highlight-section of why there is such high
frequency anti-wp sentiment amongst most IT professionals... It took
virtually no time at all to build the PoC WP plugin to allow uploads of
SVG; and display in gallery. Then WP released an update and the plugin had
to be modified.

I tested this morning; WP does not protect against me uploading a text-
file renamed to .png, so there is probably very little to stop me
uploading a malicious payload in any format. Let's stop the arbitrary, and
frankly deluded fixation on the content-management system sanitizing
anything, let alone SVG files; issue some simple guidance that you
shouldn't just upload things to the internet and move on with SVG support.

You've had some really fantastic updates and releases since I first came
to this thread; the addition of taxonomy meta-data, better user-password
system (although I can still maliciously inject an MD5 password to
override); and a REST API have been fantastic, I don't understand why this
is such an issue when others have provided working code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:54>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform