Make WordPress Core

Opened 13 years ago

Closed 10 years ago

#13500 closed enhancement (wontfix)

Add support for XML in allowed extensions and mime types

Reported by: fazalmajid's profile fazalmajid Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Upload Keywords:
Focuses: Cc:


As with #12849, please add CSV and XML types to wp_ext2type() or get_allowed_mime_types() in functions.php.

The patch I use on my local install of Wordpress is:

--- wp-includes/functions.php~  Wed Dec 23 19:38:49 2009
+++ wp-includes/functions.php   Wed Dec 30 16:09:13 2009
@@ -2324,6 +2324,10 @@
                'odc' => 'application/vnd.oasis.opendocument.chart',
                'odb' => 'application/vnd.oasis.opendocument.database',
                'odf' => 'application/vnd.oasis.opendocument.formula',
+               'py' => 'application/python',
+               'xml' => 'text/xml',
+               'csv' => 'text/csv',
                ) );

Change History (5)

#1 @dd32
13 years ago

  • Component changed from General to Upload
  • Milestone changed from Unassigned to 3.1

csv has been added already, xml is worth adding, py along with a lot of other programming language files should probably also be added.

#2 @nacin
13 years ago

  • Milestone changed from Awaiting Triage to Future Release

#3 @nacin
11 years ago

  • Summary changed from Add support for CSV and XML mime types in functions.php to Add support for XML in allowed extensions and mime types

Adding programming files could certainly cause these files to be executed. Just think about *.php :-)

#4 @pbaylies
10 years ago

  • Cc pbaylies added

#5 @nacin
10 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

*.xml *could* be added as a recognized extension, but not as an allowed extension. Super dangerous and can lead to remote code execution. Better to not add it at all. #24251

Note: See TracTickets for help on using tickets.