Opened 14 years ago
Closed 14 years ago
#15916 closed enhancement (fixed)
Please add .ics to security guidelines' "whitelist."
Reported by: | janas | Owned by: | westi |
---|---|---|---|
Milestone: | 3.2 | Priority: | lowest |
Severity: | minor | Version: | 3.1 |
Component: | Upload | Keywords: | has-patch |
Focuses: | Cc: |
Description
I upload files (usually images for display, sometimes PDFs for download) either from the WordPress dashboard ("Add New Media" on left column), or from the "Add Media" button while editing a page ("Upload/Insert" above the editing box).
The uploader uploads my ICS (iCal Export) file, then says in red: "File type does not meet security guidelines. Try another."
I want to be able to upload our ICS file, for our fans to download and import into their calendars if they choose. Personally, I frequently download ICS files from Facebook event pages and other sources for import into my own iCal—as a fan I find quite a handy time-saver.
ICS files are not executables, so I don't know that they could be used maliciously.
Thank you.
Attachments (1)
Change History (10)
#2
@
14 years ago
- Keywords needs-patch added; .ics iCal calendar file export upload download security guidelines whitelist removed
- Milestone changed from Awaiting Review to Future Release
- Type changed from defect (bug) to enhancement
#4
@
14 years ago
- Component changed from Security to Upload
- Keywords 3.2-early added
- Owner changed from janas to westi
- Status changed from new to reviewing
#5
follow-up:
↓ 6
@
14 years ago
There's a really simple fix for this:
function allow_new_filetypes( $mimes ) { $mimes['ics'] = 'text/calendar'; return $mimes; } add_filter( 'upload_mimes', 'allow_new_filetypes' );
You can put that in your theme's functions.php file, or put it in a file and drop it in your mu-plugins folder.
#6
in reply to:
↑ 5
@
14 years ago
Replying to aaroncampbell:
There's a really simple fix for this:
function allow_new_filetypes( $mimes ) { $mimes['ics'] = 'text/calendar'; } add_filter( 'upload_mimes', 'allow_new_filetypes' );You can put that in your theme's functions.php file, or put it in a file and drop it in your mu-plugins folder.
Don't forget the:
return $mimes
At the end of the function
#7
@
14 years ago
Thanks Westi. I can't believe I left it off (guess that's what you get when you just type the code here in the ticket rather than testing it first). I updated my code above in case anyone tries to copy/paste.
Plugin in the meantime: http://wordpress.org/extend/plugins/pjw-mime-config/, or disable filtered uploads if you trust all of your users.