WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 4 months ago

#53100 new defect (bug)

Unable to upload SVGs even if ALLOW_UNFILTERED_UPLOADS set

Reported by: desmith Owned by:
Milestone: Awaiting Review Priority: normal
Severity: minor Version: 5.7.1
Component: Upload Keywords:
Focuses: Cc:

Description

I have several sites where wp-config.php includes the line

define('ALLOW_UNFILTERED_UPLOADS', true);

I would expect that to permit all file types to be uploaded. However, SVG files are not allowed, displaying the message "Sorry, this file type is not permitted for security reasons."

I have tested this on a site using the default Twenty Twenty One theme, and no enabled plugins, and on that same site with Twenty Nineteen. I've tested it on several other sites, with a fairly broad collection of themes and plugins, as well. I am fairly confident the only code in common here is Core.

I know that there are several plugins that "enable" SVG upload support, but I would expect the ALLOW_UNFILTERED_UPLOADS define to take care of that for me. Unfiltered should mean unfiltered, including SVGs. Is this an oversight or bug in the upload handlers, or an intentional (and perhaps not-well-documented) choice?

Change History (1)

#1 @thesimarchitect
4 months ago

Same problem with other files like .jfif

This method used to work before and it seems that WordPress 5 broke it.

I wonder why nobody seems to be talking about it. We shouldn't need to use a plugin to fix that, the feature should not be removed from Wordpress.

Note: See TracTickets for help on using tickets.