Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#14257 closed enhancement (wontfix)

Allow php source (.phps) to be uploaded

Reported by: RyanMurphy Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upload Keywords: has-patch
Focuses: Cc:


Users are not able to upload .phps files, and since 2.8.5 when unfiltered_uploads is off, this applies to administrators as well. This should be a relatively safe filetype to allow.

Attachments (1)

14257.functions.php (454 bytes) - added by RyanMurphy 5 years ago.

Download all attachments as: .zip

Change History (5)

#1 @scribu
5 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 3.1

Looks ok.

Note: When submitting a patch, give it an extension of .diff or .patch.

#2 @nacin
5 years ago

Issue here I think is the potential that poorly configured servers might execute this file.

#3 @westi
5 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

I don't think we should add this to the whitelist at this point because I not sure it is 100% safe.

It is easy to add this to your own site if you want.

There is a plugin with a ui or you can put code in a mu-plugin.


#4 @nacin
5 years ago

  • Milestone 3.1 deleted
Note: See TracTickets for help on using tickets.