search

awesomemotive / one-click-demo-import

One Click Demo Import plugin
https://www.awesomemotive.com/
195 stars 83 forks source link

SVG import #254

Closed DeoThemes closed 10 months ago

DeoThemes commented 2 years ago

I'm trying to import content that includes some SVG icons, but it fails. SVG is pretty much the standard nowadays. As icon fonts are degrading performance, more and more theme authors are using SVG's.

I understand that SVG uploads are disabled by default in WordPress. But maybe there is a way to enable it just for the import process. If I add this filter to my theme it allows uploading SVG as media. However, it still can't be imported using OCDI.

function svg_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
        return $mimes;
    }
add_filter('upload_mimes', 'svg_mime_types');

So it would be nice to have an option to enable SVG import, maybe as a filter, so theme authors can opt in. Thanks.

capuderg commented 2 years ago

Hi,

Do you get any "Invalid file type" errors when the import finishes? Or maybe they are logged in our import log file?

Our importer uses the wp_check_filetype function, which also uses the get_allowed_mime_types (this function is using your above filter upload_mimes). So the filter should be used when importing via our plugin as well.

Could you maybe share the XML import file that has an SVG file to import, so we could use it to test and debug?

Take care!

DeoThemes commented 2 years ago

Sure, here it is: demo-content-svg.zip

donmhico commented 10 months ago

@DeoThemes - Thank you for opening this issue! I was able to replicate your issue and was able to work around it by supporting SVG import in my WordPress site. I installed and enabled the SVG Support plugin.

Importing SVG is a potential security vulnerability. While you can be sure that the SVG you have in your demo import is safe, it can't be said for other theme developers. Hence, I don't think having a filter in OCDI that developers can use to allow SVG import is a good idea. The site owner should be the one to intentionally allow SVG import.

We also don't suggest requiring the plugin in the OCDI import process for the above reasons. If your demo content has SVG imports, I suggest that you communicate to your users to allow SVG import first (like installing the SVG Support plugin) before performing the import.