10up / safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
https://wordpress.org/plugins/safe-svg/
GNU General Public License v2.0

Add a filter around the return value from our `current_user_can_upload_svg` method #193

Closed dkotter closed 4 months ago

dkotter commented 4 months ago

Description of the Change

This PR adds a new filter, `safe_svg_current_user_can_upload`, around the returned value from our `current_user_can_upload_svg` method. This filter allows others to have more fine-tuned control over who can or cannot upload svgs. For instance, this would allow you to lock down uploads to specific users, instead of specific roles. Or it would allow you to give non-logged-in users the ability to upload svgs.

Closes #192

How to test the Change

  1. With this PR checked out, go to the Media Settings page and ensure your user account has permissions to upload
  2. Test uploading an svg and ensure it works
  3. Switch to an account that doesn't have permission to upload
  4. Ensure svgs aren't allowed
  5. Now use the new `current_user_can_upload_svg` and modify permissions, running through the tests again to ensure things work. As an example, you could add `add_filter( 'safe_svg_current_user_can_upload', '__return_false' );` and ensure that no one can upload svgs, or `add_filter( 'safe_svg_current_user_can_upload', '__return_true' );` and ensure everyone can upload svgs.

Changelog Entry

Added - New filter, `safe_svg_current_user_can_upload`, allowing more control over who can upload svg files.

Credits

Props @dkotter

Checklist:

shmaltz commented 4 months ago

Thank you @dkotter!
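
The per-user lock-down mentioned in the PR description, as an added example that is not code from this PR or from safe-svg: a callback that only narrows the plugin's existing role-based decision to an allow-list of user IDs and fails closed for anonymous requests. It assumes the filter passes the role-based decision as its first argument; the allow-list IDs and the `example_`/`EXAMPLE_` names are hypothetical.

```php
<?php
// Added example, not safe-svg's own code.
// Assumption: the filter passes the plugin's role-based decision as a bool.

// Hypothetical allow-list of user IDs (constructed values).
const EXAMPLE_SVG_UPLOADER_IDS = array( 2, 17 );

/**
 * Decide whether a user may upload SVGs. Kept free of WordPress calls so
 * the policy can be exercised on its own.
 *
 * @param mixed $can_upload Decision already made by the plugin's role check.
 * @param int   $user_id    Current user ID; 0 means not logged in.
 * @param int[] $allowed    Allow-listed user IDs.
 */
function example_svg_upload_decision( $can_upload, int $user_id, array $allowed ): bool {
    // Only narrow the existing decision: a role-based "no" stays "no".
    if ( ! $can_upload ) {
        return false;
    }
    // Anonymous requests are never on the allow-list.
    if ( $user_id <= 0 ) {
        return false;
    }
    // Strict comparison: IDs must match as integers.
    return in_array( $user_id, $allowed, true );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: attach the policy to the filter from this PR.
    add_filter(
        'safe_svg_current_user_can_upload',
        function ( $can_upload ) {
            return example_svg_upload_decision(
                $can_upload,
                get_current_user_id(),
                EXAMPLE_SVG_UPLOADER_IDS
            );
        }
    );
} else {
    // Stand-alone run over constructed inputs.
    var_dump( example_svg_upload_decision( true, 17, EXAMPLE_SVG_UPLOADER_IDS ) );
    var_dump( example_svg_upload_decision( true, 5, EXAMPLE_SVG_UPLOADER_IDS ) );
    var_dump( example_svg_upload_decision( false, 17, EXAMPLE_SVG_UPLOADER_IDS ) );
    var_dump( example_svg_upload_decision( true, 0, EXAMPLE_SVG_UPLOADER_IDS ) );
}
```

Because the callback returns `false` whenever the incoming value is falsy, it can remove upload rights from users whose role would otherwise allow them but can never grant rights the role check denied.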