WordPress.org
Get WordPress

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #39552, comment 19


Ignore:
Timestamp:
01/19/2017 06:22:35 PM (8 years ago)
Author:
room34
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #39552, comment 19

    initial v1  
    33> Much as it was a little PITA to change code (it always is), SVG upload is separate from core. AFAIK the objection that stands is that it's a security risk, so I'm not sure adding things into core to keep a small number of plugins functional rather than update those plugins should be such a concern.
    44
    5 I would suggest that even if core is not going to be modified to make this function properly handle SVGs, it should at least be modified to not run the function if the MIME type is image/svg+xml. What it's returning "gets the job done" in terms of blocking SVG uploads, but it's not technically correct. Since wp_get_image_mime() relies on PHP functions that don't know how to handle SVGs, it shouldn't even run on SVG files.
     5I would suggest that even if core is not going to be modified to make this function properly handle SVGs, it should at least be modified to not run the function if the MIME type is image/svg+xml. What it's returning "gets the job done" in terms of blocking SVG uploads, but it's not technically correct. Since '''wp_get_image_mime()''' relies on PHP functions that don't know how to handle SVGs, it shouldn't even run on SVG files.
     6
     7Specifically, I would recommend that '''wp_check_filetype_and_ext()''' be modified (line 2282 in wp-includes/functions.php) from:
     8
     9{{{
     10if ( $type && 0 === strpos( $type, 'image/' ) ) {
     11}}}
     12
     13to:
     14
     15{{{
     16if ( $type && 0 === strpos( $type, 'image/' ) && $type != 'image/svg+xml' ) {
     17}}}