WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 7 months ago

#13500 closed enhancement (wontfix)

Add support for XML in allowed extensions and mime types

Reported by: fazalmajid Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Upload Keywords:
Focuses: Cc:

Description

As with #12849, please add CSV and XML types to wp_ext2type() or get_allowed_mime_types() in functions.php.

The patch I use on my local install of Wordpress is:

--- wp-includes/functions.php~  Wed Dec 23 19:38:49 2009
+++ wp-includes/functions.php   Wed Dec 30 16:09:13 2009
@@ -2324,6 +2324,10 @@
                'odc' => 'application/vnd.oasis.opendocument.chart',
                'odb' => 'application/vnd.oasis.opendocument.database',
                'odf' => 'application/vnd.oasis.opendocument.formula',
+               'py' => 'application/python',
+               'xml' => 'text/xml',
+               'csv' => 'text/csv',
                ) );
        }

Change History (5)

comment:1 dd324 years ago

  • Component changed from General to Upload
  • Milestone changed from Unassigned to 3.1

csv has been added already, xml is worth adding, py along with a lot of other programming language files should probably also be added.

comment:2 nacin3 years ago

  • Milestone changed from Awaiting Triage to Future Release

comment:3 nacin21 months ago

  • Summary changed from Add support for CSV and XML mime types in functions.php to Add support for XML in allowed extensions and mime types

Adding programming files could certainly cause these files to be executed. Just think about *.php :-)

comment:4 pbaylies7 months ago

  • Cc pbaylies added

comment:5 nacin7 months ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

*.xml *could* be added as a recognized extension, but not as an allowed extension. Super dangerous and can lead to remote code execution. Better to not add it at all. #24251

Note: See TracTickets for help on using tickets.