A Safe Way to Allow Upload of All File Types?
Posted
by
user34682
on Pro Webmasters
See other posts from Pro Webmasters
or by user34682
Published on 2013-06-28T14:07:55Z
Indexed on
2013/06/28
22:29 UTC
Read the original article
Hit count: 124
security
By default WordPress restricts the file types that can be uploaded to /uploads using the default Media Manager. I know it is possible to manually extend the allowed file types. I also know it is possible to change functions.php to allow ALL file types to be uploaded.
This restriction obviously exists for security concerns - e.g. someone could upload a harmful .exe
Would it not be possible to allow secure upload of all filetypes by setting the permissions of the /uploads directory to prevent execution of any of its contents? Thus it wouldn't matter if someone uploaded a harmful file because it would not be executable on the server...
© Pro Webmasters or respective owner