#27063 closed enhancement (wontfix)
Add epub to the list in wp_get_mime_types()
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 3.8.1 |
| Component: | Media | Keywords: | has-patch |
| Focuses: | Cc: |
Description
epub files should be added to the list of filetypes in the wp_get_mime_types() function.
Attachments (1)
Change History (9)
#4
follow-up:
↓ 5
@
11 years ago
The only security risk I see in adding epub is that it's XML which could have <script> elements in it.
#5
in reply to:
↑ 4
@
11 years ago
Replying to aubreypwd:
The only security risk I see in adding epub is that it's XML which could have <script> elements in it.
If that's a possibility then perhaps rather than impose this upon all WordPress installs, it should remain a site specific amendment via the already available hooks.
#7
@
11 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
Unfortunately XML files need to be carefully sanitized in order to not be vulnerable to some serious vulnerabilities, namely an XML bomb (exponential entity expansion) and XXE (XML external entity) injection. We have no plans to attempt this in core, as these are just incredibly dangerous.
This could be done using the existing WordPress filter system:
http://codex.wordpress.org/Plugin_API/Filter_Reference/upload_mimes
Or even a less well documented filter:
http://sumobi.com/how-to-add-a-new-mime-type-to-wordpress/
Or even an existing plugin:
http://wordpress.org/plugins/wp-add-mime-types/