id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
17454	get_allowed_mime_types() does not return correct data	MungoBBQ		"Hello,

I am the developer of the ""Enable Media Replace"" plugin. A while back, my plugin was flagged as ""insecure"" by a couple of online watchlists, since the plugin did not check what files were uploaded to replace files. A user could then upload a .php-file and execute it. Bad idea.

So I had to resort to using get_allowed_mime_types() to check for an allowed MIME type before writing an uploaded file to disk. It works fine, except get_allowed_mime_types does not include MIME types added by a filter such as ""add_filter('upload_mimes', 'addUploadMimes');""

See http://wordpress.org/support/topic/plugin-enable-media-replace-file-type-does-not-meet-security-guidelines for a discussion with some users experiencing problems.

I suggest that the function ""get_allowed_mime_types"" should return ALL allowed MIME types - including those added by a filter in functions.php or a plugin. "	defect (bug)	closed	normal		General	3.1.2	major	invalid