search

10up / safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
https://wordpress.org/plugins/safe-svg/
GNU General Public License v2.0
263 stars 31 forks source link

Allow the `current_user_can_upload_svg` method to be filtered #192

Closed dkotter closed 4 months ago

dkotter commented 4 months ago

Is your enhancement related to a problem? Please describe.

In #76, we added settings allowing you to choose which user roles can upload svgs. When a role is selected, we add the safe_svg_upload_svg capability to those that have that role and check that when an svg is attempted to be uploaded.

There was a recent request around how to allow non-logged in users to upload svgs (for instance, if you have a front-end upload form). I don't know if that specific use case is something we need to support here but I do think it would be useful to add a new filter around the value returned by our current_user_can_upload_svg. This would allow others to change who can upload svgs, either making that more strict or less strict.

Designs

No response

Describe alternatives you've considered

No response

Code of Conduct

shmaltz commented 4 months ago

This would be great!

phenomenia commented 3 months ago

I'm looking for exactly that. I see the ticket closed. Where can I find the feature in the plugin settings?

dkotter commented 3 months ago

@phenomenia This has been merged but has not been released yet. Once the next version of Safe SVG is released, this will be part of that. There aren't any settings for this, just a new filter that you can use: safe_svg_current_user_can_upload