[wp-trac] [WordPress Trac] #47752: Fix upload of .srt files
WordPress Trac
noreply at wordpress.org
Sun Sep 22 21:18:41 UTC 2019
#47752: Fix upload of .srt files
-------------------------------------------------+-------------------------
Reporter: afercia | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future
| Release
Component: Upload | Version: 5.0.1
Severity: normal | Resolution:
Keywords: has-screenshots has-patch has-unit- | Focuses:
tests 2nd-opinion |
-------------------------------------------------+-------------------------
Changes (by azaozz):
* keywords: has-screenshots has-patch has-unit-tests => has-screenshots
has-patch has-unit-tests 2nd-opinion
* milestone: 5.3 => Future Release
Comment:
> If text/html is detected as the MIME type and the file extension is .srt
then it will be allowed through.
Wondering how "safe" are the .srt files that contain HTML tags.
- What happens if a user downloads such file directly in the browser?
- Shouldn't handling of .srt files match handling of other text/html
files?
- By default HTML files are not allowed. If WP needs an exception for .srt
files that contain tags, how can we ensure they are "safe for use"?
It seems that we shouldn't allow .srt files that contain HTML tags. Moving
to future release for further review/investigation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47752#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list