verot / class.upload.php

This PHP class uploads files and manipulates images very easily. It is in fact as much an image processing class as it is an upload class. Compatible with PHP 4, 5, 7 and 8. Supports processing of local files, uploaded files, and files sent through XMLHttpRequest.
http://www.verot.net/php_class_upload.htm
GNU General Public License v2.0
853 stars 359 forks

Added text/html mime type #120

Closed zanderwar closed 5 years ago

zanderwar commented 5 years ago

Found this missing

verot commented 5 years ago

I didn't add the text/html MIME type for security reasons. I think it is better if you add it explicitly if you need it, rather than accepting the MIME by default.

zanderwar commented 5 years ago

I agree. I couldn't find a feasible way of adding this MIME type while using it as a Composer package, however.

FYI: image/svg+xml is a security vulnerability itself and image/* is allowed

verot commented 5 years ago

You can override allowed to allow your own MIME types.

As for image/svg+xml, it is true, but as a default it is convenient to allow image/*
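
An added illustration, not part of the thread and not the class's own matching code: a standalone PHP sketch of how a wildcard entry such as image/* also admits image/svg+xml, while text/html is accepted only when listed explicitly. The helper names `mimeMatches` and `mimeAllowed`, the deny list, and the sample policies are hypothetical and constructed for this example.

```php
<?php
// Added illustration: hypothetical helpers, not code from class.upload.php.

/** True if $mime matches a pattern such as "image/*" or "text/html". */
function mimeMatches(string $mime, string $pattern): bool
{
    // Quote the pattern, then turn the quoted "*" wildcard into ".*".
    $regex = '#^' . str_replace('\*', '.*', preg_quote($pattern, '#')) . '$#i';
    return preg_match($regex, $mime) === 1;
}

/** Deny entries win over allow entries; anything unmatched is rejected. */
function mimeAllowed(string $mime, array $allowed, array $forbidden = []): bool
{
    foreach ($forbidden as $pattern) {
        if (mimeMatches($mime, $pattern)) {
            return false;
        }
    }
    foreach ($allowed as $pattern) {
        if (mimeMatches($mime, $pattern)) {
            return true;
        }
    }
    return false;
}

// Constructed sample policies: [allow list, deny list].
$policies = [
    'wildcard image/*'     => [['image/*'], []],
    'explicit image types' => [['image/png', 'image/jpeg', 'image/gif'], []],
    'image/* minus SVG'    => [['image/*'], ['image/svg+xml']],
    'text/html opt-in'     => [['image/png', 'text/html'], []],
];
// Constructed sample MIME types, as a client or detector might report them.
$samples = ['image/png', 'image/svg+xml', 'text/html'];

foreach ($policies as $name => [$allowed, $forbidden]) {
    foreach ($samples as $mime) {
        $verdict = mimeAllowed($mime, $allowed, $forbidden) ? 'accept' : 'reject';
        printf("%-22s %-14s %s\n", $name, $mime, $verdict);
    }
}
```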