Opened 4 years ago
Last modified 9 months ago
#53100 new defect (bug)
Unable to upload SVGs even if ALLOW_UNFILTERED_UPLOADS set
| Reported by: | desmith | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | minor | Version: | 5.7.1 |
| Component: | Upload | Keywords: | |
| Focuses: | | Cc: | |
Description
I have several sites where wp-config.php includes the line
define('ALLOW_UNFILTERED_UPLOADS', true);
I would expect that to permit all file types to be uploaded. However, SVG files are not allowed, displaying the message "Sorry, this file type is not permitted for security reasons."
I have tested this on a site using the default Twenty Twenty One theme, and no enabled plugins, and on that same site with Twenty Nineteen. I've tested it on several other sites, with a fairly broad collection of themes and plugins, as well. I am fairly confident the only code in common here is Core.
I know that there are several plugins that "enable" SVG upload support, but I would expect the ALLOW_UNFILTERED_UPLOADS define to take care of that for me. Unfiltered should mean unfiltered, including SVGs. Is this an oversight or bug in the upload handlers, or an intentional (and perhaps not-well-documented) choice?
Change History (2)
#2 @ 9 months ago
I tested this and it seems to work only if you have added svg to the allowed mime types and added ALLOW_UNFILTERED_UPLOADS as well.
1) only mime-type in theme function: Not working
```php
function cc_mime_types( $mimes ) {
    $mimes['svg'] = 'image/svg+xml';
    return $mimes;
}
add_filter( 'upload_mimes', 'cc_mime_types' );
```
2) Only added code in wp-config.php file: Not Working
define('ALLOW_UNFILTERED_UPLOADS', true);
3) Add both into WordPress: Working
This was actually working before with only adding either option. Now we have to add both options. Can anyone check what's changed?
Same problem with other files like .jfif
This method used to work before and it seems that WordPress 5 broke it.
I wonder why nobody seems to be talking about it. We shouldn't need to use a plugin to fix that; the feature should not be removed from WordPress.
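To compare the three configurations tested in the thread above, the following diagnostic reports the values the upload type check depends on for one user and one sample file. It is an added example, not code from the ticket or from WordPress core; it assumes WP-CLI is installed, and the file name `upload-diag.php` and the function `diag_upload_checks()` are hypothetical.

```php
<?php
// upload-diag.php (hypothetical name): added diagnostic, not WordPress core code.
// Run: wp eval-file upload-diag.php /path/to/sample.svg --user=<admin-login>
// Without --user, WP-CLI has no current user and the capability check is false.

function diag_upload_checks( $path ) {
    $name = basename( $path );
    $ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );

    // Allowed list for the current user after every 'upload_mimes' callback
    // has run. Keys are alternations such as 'jpg|jpeg|jpe'.
    $allowed_entry = null;
    foreach ( get_allowed_mime_types() as $exts => $mime ) {
        if ( in_array( $ext, explode( '|', $exts ), true ) ) {
            $allowed_entry = "$exts => $mime";
            break;
        }
    }

    // Extension lookup plus content-based verification of the file on disk.
    // 'ext' and 'type' come back false when the file is rejected.
    $checked = wp_check_filetype_and_ext( $path, $name );

    return array(
        'wp_version'            => get_bloginfo( 'version' ),
        'multisite'             => is_multisite(),
        'constant_enabled'      => defined( 'ALLOW_UNFILTERED_UPLOADS' )
                                   && (bool) ALLOW_UNFILTERED_UPLOADS,
        'cap_unfiltered_upload' => current_user_can( 'unfiltered_upload' ),
        'allowed_mime_entry'    => $allowed_entry,
        'checked_ext'           => $checked['ext'],
        'checked_type'          => $checked['type'],
        'fileinfo_loaded'       => extension_loaded( 'fileinfo' ),
    );
}

// $args holds the positional arguments that wp eval-file passes to this file.
if ( empty( $args[0] ) || ! is_readable( $args[0] ) ) {
    WP_CLI::error( 'Pass the path of a readable sample file.' );
}
foreach ( diag_upload_checks( $args[0] ) as $key => $value ) {
    WP_CLI::line( sprintf( '%-24s %s', $key, var_export( $value, true ) ) );
}
```

Running it once per configuration (filter only, constant only, both) with the same sample file shows which value changes between the failing and the working setup.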