WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#14257 closed enhancement (wontfix)

Allow php source (.phps) to be uploaded

Reported by: RyanMurphy Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upload Keywords: has-patch
Focuses: Cc:

Description

Users are not able to upload .phps files, and since 2.8.5 when unfiltered_uploads is off, this applies to administrators as well. This should be a relatively safe filetype to allow.

Attachments (1)

14257.functions.php (454 bytes) - added by RyanMurphy 5 years ago.

Download all attachments as: .zip

Change History (5)

@RyanMurphy5 years ago

comment:1 @scribu5 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 3.1

Looks ok.

Note: When submitting a patch, give it an extension of .diff or .patch.

comment:2 @nacin5 years ago

Issue here I think is the potential that poorly configured servers might execute this file.

comment:3 @westi5 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

I don't think we should add this to the whitelist at this point because I not sure it is 100% safe.

It is easy to add this to your own site if you want.

There is a plugin with a ui or you can put code in a mu-plugin.

http://wordpress.org/extend/plugins/pjw-mime-config/

comment:4 @nacin5 years ago

  • Milestone 3.1 deleted
Note: See TracTickets for help on using tickets.