Isn't about time for svg support?
Isn't about time for svg support?
As soon as SVG can stop being so darn vulnerable, sure :)
See https://core.trac.wordpress.org/ticket/24251 for more of the details, but basically it's not safe ENOUGH for us to do it.
Yes, but... the majority of sites I maintain I am the admin and the single user of the site. No editors, no subscribers and no comments. I am sure this is not a unique situation. WordPress has become the CMS of choice kludged together from a blogging platform.
The point is that the SVGs I want to upload are ones I have created myself. I mean how hard would it be to add a check that user is admin to upload SVGs? The primary place it would be of use is in theme image uploads, which mostly tend to use the wp media uploader.
Roles and permissions are the solution, this should be core functionality of a CMS and not left to plugins. Period.
auniquename, I can understand your position; as experienced site administrators, we know we can trust our own content and if something goes wrong, then mea culpa and we go to fix it.
Basically, we are willing to take responsibility ourselves if we are given the functionality/feature.
Unfortunately, when it comes to features on WordPress, additional functionalities/features are viewed on a user-wide basis in terms of is 'such and such functionality or feature safe to use for MOST users, etc' and as such, there is a lot of additional considering that goes into something like this.
As advanced users (meaning, we do actual site administration which includes keeping our websites safe), this sort of thing probably comes off as redundant and unnecessary or something that is holding back progress and development, but for other users who are not as familiar, NOT opening the can that is possibly full of worms is the 'better' overall choice when evaluating on a whole.
When 3. - I forget what - came out with automatic updates, there was quite a discussion on this related to having a feature (like automatic updates) be automatically included (and turned on) or not and one of the biggest takeaway points that was made was that in terms of security and safety, better to be careful than to be sorry.
If WordPress was dedicated only to the tech-savvy, then this wouldn't be quite as big of a concern, but the end-user-only base (those who use WordPress to do simple blogging or the like but don't really administer a site and probably have nothing to do with their servers or install settings etc) is quite large and so consideration has to factor in that, too.
I know this probably isn't an answer you're hoping for, but it is honestly given and based on what I have read and participated in terms of discussion within the WordPress Core community re: things to do (or not do) when it involves security (like automatic WordPress updates).
That said, I am unsure if it has been communicated to you previously, but if you are handy with coding and have a good working knowledge of the WordPress core files, you ARE welcome to make your own personal adjustments if you need to as this is the beauty of open source.
'Patch' your own files as it were. :)
Granted, it may mean that future upgrades will need to be 'patched' again if the feature you want isn't included, but it IS a way to get what you need if the feature desired doesn't make it to Core.
EMG, can I give you a cookie for that awesome answer? Thank you!
You must log in to post.