Opened 2 years ago
Last modified 2 years ago
#53100 new defect (bug)
Unable to upload SVGs even if ALLOW_UNFILTERED_UPLOADS set
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | minor | Version: | 5.7.1 |
Component: | Upload | Keywords: | |
Focuses: | Cc: |
Description
I have several sites where wp-config.php includes the line
define('ALLOW_UNFILTERED_UPLOADS', true);
I would expect that to permit all file types to be uploaded. However, SVG files are not allowed, displaying the message "Sorry, this file type is not permitted for security reasons."
I have tested this on a site using the default Twenty Twenty One theme, and no enabled plugins, and on that same site with Twenty Nineteen. I've tested it on several other sites, with a fairly broad collection of themes and plugins, as well. I am fairly confident the only code in common here is Core.
I know that there are several plugins that "enable" SVG upload support, but I would expect the ALLOW_UNFILTERED_UPLOADS define to take care of that for me. Unfiltered should mean unfiltered, including SVGs. Is this an oversight or bug in the upload handlers, or an intentional (and perhaps not-well-documented) choice?
Same problem with other files like .jfif
This method used to work before and it seems that WordPress 5 broke it.
I wonder why nobody seems to be talking about it. We shouldn't need to use a plugin to fix that, the feature should not be removed from Wordpress.