[wp-hackers] is wp_check_filetype() stupid?
Abel Cheung
abelcheung at gmail.com
Sun Jun 17 10:22:35 GMT 2007
On 6/17/07, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:
> Abel Cheung wrote:
> > I just noticed I can't upload any patch file to wordpress; wondering why,
> > it leads me to this snippet:
> > [snip]
> > Is it _vital_ to list all possible mime types this way, instead of
> > blacklisting some?
> > Right now:
> > [snip]
>
> Whitelisting is much safer from a security point of view.
OK, if it's from security POV, then I'd tend to agree as well.
> Adding extra mime-types is simple - the list is passed to the
> upload_mimes filter [1] for you to easily modify from a plugin.
>
> At least one plugin is available to allow you to configure extra
> mime_types from within WordPress [2]
Thanks a lot for the pointer. Though I guess I would still file
a ticket and get some common mime types incorporated upstream,
that would make some people's life easier.
Abel
>
> [1] http://wphooks.flatearth.org/hooks/upload_mimes/
> [2] http://blog.ftwr.co.uk/wordpress/mime-config/
>
> westi
> --
> Peter Westwood
> http://blog.ftwr.co.uk
--
Abel Cheung (GPG Key: 0xC67186FF)
Key fingerprint: 671C C7AE EFB5 110C D6D1 41EE 4152 E1F1 C671 86FF
--------------------------------------------------------------------
* GNOME Hong Kong - http://www.gnome.hk/
* Opensource Application Knowledge Assoc. - http://oaka.org/
* My own cave: http://me.abelcheung.org/
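
Added example, not part of the original messages and not WordPress core code: a plugin-style callback that extends the upload allowlist through the upload_mimes filter mentioned in the thread, plus a simplified stand-in check so the effect can be seen from the PHP command line. The function names, the sample list and the 'text/x-diff' MIME type are assumptions made for illustration.

```php
<?php
// Added example: not WordPress core code and not from the thread.

// Filter callback: extend the upload allowlist with patch files.
// Keys are extension alternatives, values are MIME types, which is the
// shape of the list passed to the upload_mimes filter.
// 'text/x-diff' is an assumed MIME type for .diff/.patch files.
function example_allow_patch_uploads(array $mimes): array {
    $mimes['diff|patch'] = 'text/x-diff';
    return $mimes;
}

// Inside WordPress, register the callback on the upload_mimes filter.
if (function_exists('add_filter')) {
    add_filter('upload_mimes', 'example_allow_patch_uploads');
}

// Simplified stand-in for an allowlist check (hypothetical helper):
// a file is accepted only if its final extension matches a listed key.
function example_check_filetype(string $filename, array $mimes): array {
    foreach ($mimes as $ext_pattern => $mime) {
        if (preg_match('!\.(' . $ext_pattern . ')$!i', $filename, $m)) {
            return ['ext' => strtolower($m[1]), 'type' => $mime];
        }
    }
    return ['ext' => false, 'type' => false]; // not listed: rejected
}

// Stand-alone demonstration with a constructed allowlist and filenames.
if (PHP_SAPI === 'cli' && !function_exists('add_filter')) {
    $base     = ['jpg|jpeg|jpe' => 'image/jpeg', 'txt' => 'text/plain'];
    $extended = example_allow_patch_uploads($base);
    foreach (['fix-123.patch', 'photo.JPG', 'notes.txt.bak', 'README'] as $name) {
        $before = example_check_filetype($name, $base)['type'];
        $after  = example_check_filetype($name, $extended)['type'];
        printf("%-14s before=%-11s after=%s\n",
            $name, $before ?: 'rejected', $after ?: 'rejected');
    }
}
```

Anything not named in the list, including files with no extension or an unexpected trailing extension, stays rejected by default; only the explicitly added diff|patch entry changes the outcome.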