Upload filter does not work
|Reported by:||AbbeKeultjes||Owned by:|
|Severity:||normal||Keywords:||upload files security|
I work for a company that builds and hosts multiple websites. Recently I set up a Wordpress website for a client.
The flash uploader works fine, except that it uploads ALL files. I can upload .php files, .exe files and even made up files.
By default Wordpress accepts .exe files (in wp-includes/functions.php there's an array with accepted mime types), but it shouldn't accept .php files, nor made up files.
Change History (4)
- Priority changed from normal to lowest
- Resolution set to worksforme
- Status changed from new to closed