Opened 6 years ago
Last modified 2 years ago
#45818 new defect (bug)
ALLOW_UNFILTERED_UPLOADS does not work on multisite
Reported by: | Hube2 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Upload | Keywords: | |
Focuses: | multisite | Cc: |
Description
In a multisite environment ALLOW_UNFILTERED_UPLOADS does not work. It only works for super admin. /wp-includes/capabilities.php line ~385.
<?php case 'unfiltered_upload': if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) ) ) $caps[] = $cap; else $caps[] = 'do_not_allow'; break;
I have a site where the client needs to be able to upload files that are created by various CAD applications, too numerous to name them all, I don't even know them all. The mime type varies on these file depending on what application is creating them, there seems to be no standardization for extension/mime type in CAD applications and each file extension is only allowed a single mime type. Due to this I must constantly fiddle with the allowed files and mime types so that they can upload them. This is ridonkulous as there seems to be no other way on multisite to allow unfiltered uploads.
Change History (7)
#6
@
6 years ago
Then there should be a way to allow some file extensions to have multiple possible mime types. As I stated in the OP, CAD applications do not appear standardized. Different CAD applications use the same extension while setting a different mime type. It seems that every CAD app uses a different extension/mime combination, all of which appear to be completely valid according to the information I've been reading. With the setup in WP only one mime type can be set per extension (unless I'm missing something, if I am please point me to information). This makes it nearly impossible to allow anyone but a super admin on multisite to upload these files. In my opinion there needs to be a way to override this behavior. If I want to allow unfiltered uploads on my mulitsite installations then I should be able to accomplish this is some way without hacking core files, or expecting an entire software industry to use the same standard mime times where they have not done so for as long as there has been CAD software.
If the goal is to completely prevent unfiltered uploads on multisite except for super admin then that if statement is correct. However, I don't see why this would be the case, but maybe I'm missing something. On the other hand, if the goal is to allow unfiltered uploads to super admins and all others as well if ALLOW_UNFILTERED_UPLOADS is true (which is what I would expect) then a couple of minor adjustments to the if statement will correct it