[wp-trac] [WordPress Trac] #9234: Upload filter does not work

WordPress Trac wp-trac at lists.automattic.com
Thu Feb 26 09:21:23 GMT 2009


#9234: Upload filter does not work
--------------------------+-------------------------------------------------
 Reporter:  AbbeKeultjes  |       Owner:                       
     Type:  defect (bug)  |      Status:  new                  
 Priority:  normal        |   Milestone:  Unassigned           
Component:  Media         |     Version:  2.7                  
 Severity:  normal        |    Keywords:  upload files security
--------------------------+-------------------------------------------------
 I work for a company that builds and hosts multiple websites. Recently I
 set up a Wordpress website for a client.
 The flash uploader works fine, except that it uploads ALL files. I can
 upload .php files, .exe files and even made up files.
 By default Wordpress accepts .exe files (in wp-includes/functions.php
 there's an array with accepted mime types), but it shouldn't accept .php
 files, nor made up files.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9234>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list