Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#14257 closed enhancement (wontfix)

Allow php source (.phps) to be uploaded

Reported by: ryanmurphy's profile RyanMurphy Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upload Keywords: has-patch
Focuses: Cc:

Description

Users are not able to upload .phps files, and since 2.8.5 when unfiltered_uploads is off, this applies to administrators as well. This should be a relatively safe filetype to allow.

Attachments (1)

14257.functions.php (454 bytes) - added by RyanMurphy 14 years ago.

Download all attachments as: .zip

Change History (5)

#1 @scribu
14 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 3.1

Looks ok.

Note: When submitting a patch, give it an extension of .diff or .patch.

#2 @nacin
14 years ago

Issue here I think is the potential that poorly configured servers might execute this file.

#3 @westi
14 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

I don't think we should add this to the whitelist at this point because I not sure it is 100% safe.

It is easy to add this to your own site if you want.

There is a plugin with a ui or you can put code in a mu-plugin.

http://wordpress.org/extend/plugins/pjw-mime-config/

#4 @nacin
14 years ago

  • Milestone 3.1 deleted
Note: See TracTickets for help on using tickets.