Why can't I upload SVG image files to Wordpress(4.2.2) by default? when you try you get the message:
<blockquote>
Sorry, this file type is not permitted for security reasons.
</blockquote>
I know this problem has been around for a while, and I've used this solution in the past, from <a href="https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/" rel="nofollow">https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/</a>, :
But what are the security implications of allowing this behaviour and why has it been disabled by default?
<blockquote>
Sorry, this file type is not permitted for security reasons.
</blockquote>
I know this problem has been around for a while, and I've used this solution in the past, from <a href="https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/" rel="nofollow">https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/</a>, :
Code:
function cc_mime_types($mimes) {
$mimes['svg'] = 'image/svg+xml';
return $mimes;
}
add_filter('upload_mimes', 'cc_mime_types');But what are the security implications of allowing this behaviour and why has it been disabled by default?