Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#14257 closed enhancement (wontfix)

Allow php source (.phps) to be uploaded

Reported by: RyanMurphy Owned by:
Priority: normal Milestone:
Component: Upload Version:
Severity: normal Keywords: has-patch
Cc:

Description

Users are not able to upload .phps files, and since 2.8.5 when unfiltered_uploads is off, this applies to administrators as well. This should be a relatively safe filetype to allow.

Attachments (1)

14257.functions.php (454 bytes) - added by RyanMurphy 3 years ago.

Download all attachments as: .zip

Change History (5)

RyanMurphy3 years ago

comment:1   scribu3 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 3.1

Looks ok.

Note: When submitting a patch, give it an extension of .diff or .patch.

comment:2   nacin3 years ago

Issue here I think is the potential that poorly configured servers might execute this file.

comment:3   westi3 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

I don't think we should add this to the whitelist at this point because I not sure it is 100% safe.

It is easy to add this to your own site if you want.

There is a plugin with a ui or you can put code in a mu-plugin.

http://wordpress.org/extend/plugins/pjw-mime-config/

comment:4   nacin3 years ago

  • Milestone 3.1 deleted
Note: See TracTickets for help on using tickets.