Please add .ics to security guidelines' "whitelist."
|Reported by:||janas||Owned by:||westi|
I upload files (usually images for display, sometimes PDFs for download) either from the WordPress dashboard ("Add New Media" on left column), or from the "Add Media" button while editing a page ("Upload/Insert" above the editing box).
The uploader uploads my ICS (iCal Export) file, then says in red: "File type does not meet security guidelines. Try another."
I want to be able to upload our ICS file, for our fans to download and import into their calendars if they choose. Personally, I frequently download ICS files from Facebook event pages and other sources for import into my own iCal—as a fan I find quite a handy time-saver.
ICS files are not executables, so I don't know that they could be used maliciously.
Change History (10)
- Keywords needs-patch added; .ics iCal calendar file export upload download security guidelines whitelist removed
- Milestone changed from Awaiting Review to Future Release
- Type changed from defect (bug) to enhancement
- Component changed from Security to Upload
- Keywords 3.2-early added
- Owner changed from janas to westi
- Status changed from new to reviewing
comment:5 follow-up: ↓ 6 @aaroncampbell — 5 years ago
- Keywords 3.2-early removed
- Milestone changed from Future Release to 3.2
- Priority changed from normal to lowest
- Severity changed from normal to minor
- Version set to 3.1