Make WordPress Core

Opened 6 years ago

Closed 2 years ago

#13500 closed enhancement (wontfix)

Add support for XML in allowed extensions and mime types

Reported by: fazalmajid Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Upload Keywords:
Focuses: Cc:


As with #12849, please add CSV and XML types to wp_ext2type() or get_allowed_mime_types() in functions.php.

The patch I use on my local install of Wordpress is:

--- wp-includes/functions.php~  Wed Dec 23 19:38:49 2009
+++ wp-includes/functions.php   Wed Dec 30 16:09:13 2009
@@ -2324,6 +2324,10 @@
                'odc' => 'application/vnd.oasis.opendocument.chart',
                'odb' => 'application/vnd.oasis.opendocument.database',
                'odf' => 'application/vnd.oasis.opendocument.formula',
+               'py' => 'application/python',
+               'xml' => 'text/xml',
+               'csv' => 'text/csv',
                ) );

Change History (5)

#1 @dd32
6 years ago

  • Component changed from General to Upload
  • Milestone changed from Unassigned to 3.1

csv has been added already, xml is worth adding, py along with a lot of other programming language files should probably also be added.

#2 @nacin
5 years ago

  • Milestone changed from Awaiting Triage to Future Release

#3 @nacin
3 years ago

  • Summary changed from Add support for CSV and XML mime types in functions.php to Add support for XML in allowed extensions and mime types

Adding programming files could certainly cause these files to be executed. Just think about *.php :-)

#4 @pbaylies
2 years ago

  • Cc pbaylies added

#5 @nacin
2 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

*.xml *could* be added as a recognized extension, but not as an allowed extension. Super dangerous and can lead to remote code execution. Better to not add it at all. #24251

Note: See TracTickets for help on using tickets.