[wp-trac] [WordPress Trac] #9234: Upload filter does not work
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 26 09:21:23 GMT 2009
#9234: Upload filter does not work
--------------------------+-------------------------------------------------
Reporter: AbbeKeultjes | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Media | Version: 2.7
Severity: normal | Keywords: upload files security
--------------------------+-------------------------------------------------
I work for a company that builds and hosts multiple websites. Recently I
set up a Wordpress website for a client.
The flash uploader works fine, except that it uploads ALL files. I can
upload .php files, .exe files and even made up files.
By default Wordpress accepts .exe files (in wp-includes/functions.php
there's an array with accepted mime types), but it shouldn't accept .php
files, nor made up files.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9234>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list