{"id":311398,"date":"2026-05-25T14:25:52","date_gmt":"2026-05-25T14:25:52","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/compatibility-fix-for-safe-svg\/"},"modified":"2026-05-25T14:25:31","modified_gmt":"2026-05-25T14:25:31","slug":"compatibility-fix-for-safe-svg","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/compatibility-fix-for-safe-svg\/","author":8232116,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.1.1","stable_tag":"1.1.1","tested":"6.9.4","requires":"6.5","requires_php":"7.4","requires_plugins":null,"header_name":"Compatibility Fix for Safe SVG","header_author":"J\u00f6rn Gorres","header_description":"Fixes a conflict between \"Safe SVG\" and \"Enable Media Replace\" that prevents replacing existing media items with SVG files. Registers the required MIME-type filters globally, but only when Safe SVG is active, so that no unsanitized SVG upload path is opened.","assets_banners_color":"db8c0f","last_updated":"2026-05-25 14:25:31","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/joern.gorres.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":43,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1.1":{"tag":"1.1.1","author":"jgorres","date":"2026-05-25 14:25:31"}},"upgrade_notice":{"1.1.1":"

Metadata-only update: Contributors<\/code> slug in readme.txt<\/code> adjusted to match the WordPress.org user name. No functional changes.<\/p>","1.1.0":"

Plugin renamed for the WP.org submission; capability check removed so that SVG uploads also work in WP-CLI \/ Cron \/ REST contexts. Manual reactivation in the plugins list required (the slug changed).<\/p>","1.0.1":"

Pure documentation update: readme description translated to English for Plugin Check compliance. No functional changes.<\/p>","1.0.0":"

Initial release \u2014 fixes the SVG-replace conflict between Safe SVG and Enable Media Replace.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3547754,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3547754,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256},"icon.svg":{"filename":"icon.svg","revision":3547754,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3547754,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3547754,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1.1"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[3005,264343,3011,200126,2904],"plugin_category":[],"plugin_contributors":[264344],"plugin_business_model":[],"class_list":["post-311398","plugin","type-plugin","status-publish","hentry","plugin_tags-compatibility","plugin_tags-enable-media-replace","plugin_tags-mime","plugin_tags-safe-svg","plugin_tags-svg","plugin_contributors-jgorres","plugin_committers-jgorres"],"banners":{"banner":"https:\/\/ps.w.org\/compatibility-fix-for-safe-svg\/assets\/banner-772x250.png?rev=3547754","banner_2x":"https:\/\/ps.w.org\/compatibility-fix-for-safe-svg\/assets\/banner-1544x500.png?rev=3547754","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/compatibility-fix-for-safe-svg\/assets\/icon.svg?rev=3547754","icon":"https:\/\/ps.w.org\/compatibility-fix-for-safe-svg\/assets\/icon.svg?rev=3547754","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"\n

Problem:<\/strong><\/p>\n\n

With \"Safe SVG\" alone, uploading SVG files into the WordPress Media Library works fine. As soon as you try to replace an existing file with an SVG via the \"Enable Media Replace\"<\/strong> plugin, the operation aborts with the message \"Sorry, this file type is not permitted for security reasons.\"<\/em>.<\/p>\n\n

Root cause: EMR calls wp_check_filetype_and_ext()<\/code> directly from its own submenu (upload.php?page=enable-media-replace\/...<\/code>) without going through the standard upload path (wp_handle_upload<\/code>). Safe SVG, however, registers its MIME-type fix only on certain admin page hooks \u2014 and those do not reliably fire on the EMR replace page in practice.<\/p>\n\n

Solution:<\/strong><\/p>\n\n

This plugin registers the two required filters (upload_mimes<\/code>, wp_check_filetype_and_ext<\/code>) globally so that SVG uploads work through EMR as well.<\/p>\n\n

Safety guard:<\/strong><\/p>\n\n

So that this plugin does not open an unsanitized SVG upload path, the filters are active only when the \"Safe SVG\" plugin itself is active. Safe SVG then handles the SVG sanitization on wp_handle_upload_prefilter<\/code> \/ wp_handle_sideload_prefilter<\/code>. Without an active Safe SVG, SVG remains non-uploadable.<\/p>\n\n\n

    \n
  1. In the WordPress admin go to Plugins \u2192 Add New \u2192 Upload Plugin and upload the ZIP file.<\/li>\n
  2. Activate the plugin.<\/li>\n
  3. Make sure that \"Safe SVG\" and \"Enable Media Replace\" are also active.<\/li>\n
  4. Replace an existing media item with an SVG file via \"Replace media\" \u2014 it now works.<\/li>\n<\/ol>\n\n\n
    \n

    Do I really need Safe SVG?<\/h3><\/dt>\n

    Yes. Without Safe SVG the filters of this plugin stay inactive. This is intentional: SVG uploads without a sanitizer would be an XSS risk (embedded JavaScript \/ SVG smuggling).<\/p><\/dd>\n

    Does the plugin also work with other replace plugins?<\/h3><\/dt>\n

    Yes. The two filters are generic and apply to any plugin that calls wp_check_filetype_and_ext()<\/code> directly.<\/p><\/dd>\n

    Does the plugin also work in WP-CLI \/ Cron \/ REST sideloads?<\/h3><\/dt>\n

    Yes. As of version 1.1.0 the filters no longer perform a capability check, so SVG uploads also work in contexts without a logged-in user (for example programmatic sideloads via REST or WP-CLI). Security is still enforced through the Safe-SVG-active guard and Safe SVG's sanitization on wp_handle_upload_prefilter<\/code>.<\/p><\/dd>\n

    Is the plugin still needed once EMR is updated and fixes the conflict itself?<\/h3><\/dt>\n

    No. The plugin can be deactivated and removed without leftovers (no postmeta, no options, no cron).<\/p><\/dd>\n\n<\/dl>\n\n\n

    1.1.1<\/h4>\n\n
      \n
    • Metadata: Contributors<\/code> slug in readme.txt<\/code> changed from joerngorres<\/code> to jgorres<\/code> to match the WordPress.org user name. No code changes.<\/li>\n<\/ul>\n\n

      1.1.0<\/h4>\n\n
        \n
      • Plugin renamed from \"Safe SVG Upload Fix\" to \"Compatibility Fix for Safe SVG\" (slug: compatibility-fix-for-safe-svg<\/code>). Reason: the WP.org Plugin Directory does not accept plugin names that start with the name of another plugin; the \"for Safe SVG\" pattern is explicitly allowed.<\/li>\n
      • Function prefix ssuf_<\/code> \u2192 compatibility_fix_for_safe_svg_<\/code>.<\/li>\n
      • Removed the capability check (current_user_can( 'upload_files' )<\/code>) from the filter callbacks. As a result SVG uploads now also work in non-user contexts (WP-CLI, Cron, REST sideloads). Security is still guaranteed by the Safe-SVG-active guard and Safe SVG's sanitizer hook.<\/li>\n
      • Plugin header description translated to English.<\/li>\n
      • Added a languages\/index.php<\/code> stub against direct access.<\/li>\n
      • Translated all readme.txt<\/code> sections (Installation, FAQ, Changelog, Upgrade Notice) to English.<\/li>\n<\/ul>\n\n

        1.0.1<\/h4>\n\n
          \n
        • Plugin Check compliance, no functional changes: Short Description and == Description ==<\/code> translated to English.<\/li>\n<\/ul>\n\n

          1.0.0<\/h4>\n\n
            \n
          • Initial release.<\/li>\n
          • Registers the upload_mimes<\/code> and wp_check_filetype_and_ext<\/code> filters globally, gated by an active-Safe-SVG check.<\/li>\n<\/ul>","raw_excerpt":"Fixes a conflict between "Safe SVG" and "Enable Media Replace" when replacing existing media files with SVG uploads.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/311398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=311398"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/jgorres"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=311398"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=311398"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=311398"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=311398"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=311398"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=311398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}