Upload filter does not work
|Reported by:||AbbeKeultjes||Owned by:|
|Component:||Upload||Keywords:||upload files security|
I work for a company that builds and hosts multiple websites. Recently I set up a Wordpress website for a client.
The flash uploader works fine, except that it uploads ALL files. I can upload .php files, .exe files and even made up files.
By default Wordpress accepts .exe files (in wp-includes/functions.php there's an array with accepted mime types), but it shouldn't accept .php files, nor made up files.