Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 3 years ago

#27063 closed enhancement (wontfix)

Add epub to the list in wp_get_mime_types()

Reported by: thomaswm's profile thomaswm Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.8.1
Component: Media Keywords: has-patch
Focuses: Cc:

Description

epub files should be added to the list of filetypes in the wp_get_mime_types() function.

Attachments (1)

myfirst.diff (469 bytes) - added by thomaswm 10 years ago.

Download all attachments as: .zip

Change History (9)

@thomaswm
10 years ago

#1 @SergeyBiryukov
10 years ago

  • Component changed from General to Media
  • Keywords has-patch added

#2 @SergeyBiryukov
10 years ago

  • Type changed from defect (bug) to enhancement

#3 @MattyRob
10 years ago

This could be done using the existing WordPress filter system:
http://codex.wordpress.org/Plugin_API/Filter_Reference/upload_mimes

Or even a less well documented filter:
http://sumobi.com/how-to-add-a-new-mime-type-to-wordpress/

Or even an existing plugin:
http://wordpress.org/plugins/wp-add-mime-types/

#4 follow-up: @aubreypwd
10 years ago

The only security risk I see in adding epub is that it's XML which could have <script> elements in it.

#5 in reply to: ↑ 4 @MattyRob
10 years ago

Replying to aubreypwd:

The only security risk I see in adding epub is that it's XML which could have <script> elements in it.

If that's a possibility then perhaps rather than impose this upon all WordPress installs, it should remain a site specific amendment via the already available hooks.

#6 @aubreypwd
10 years ago

Yeah, I think this is plugin material.

#7 @nacin
10 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Unfortunately XML files need to be carefully sanitized in order to not be vulnerable to some serious vulnerabilities, namely an XML bomb (exponential entity expansion) and XXE (XML external entity) injection. We have no plans to attempt this in core, as these are just incredibly dangerous.

#8 @SergeyBiryukov
3 years ago

#51341 was marked as a duplicate.

Note: See TracTickets for help on using tickets.