A few days ago I had to upload two diff files with the extension .patch on my previous post about qmail and dkim and wordpress asked me to try other extension because the file extension did not met it's "security policy". That was really annoying so I started to look through the code to "fix" this :).
Few minutes after, I find this function wp_check_filetype in wp-includes/functions.php. It seems this function is the one responsible for filtering unwanted extensions. The only problem with it is that the allowed extensions are hard coded in it. you can easily add your extension to it but then you'll have to do that every time you upgrade wordpress.
Luckily wodpress has a hook named upload_mimes for this function so you can just write your plugin and add a filter for upload_mimes so each time the function wp_check_filetype is called your "filter" function will also be called and it can modify the contents of the $mimes array that holds the approved mime types and extensions.
and the plugin:
- function add_upload_ext($mimes='')
- return $mimes;
so just put that in a file.php along with some plugin meta information like:
Plugin Name: Add permitted upload extensions
Plugin URI: http://patchlog.com/wordpress/upload-mime-types-plugin-for-wordpress/
Description: Use this plugin if you want to add file extensions and types to the list of extensions that are permitted in an upload
Author: Mihai Secasiu
Author URI: http://patchlog.com
and then go to wordpress admin -> Plugins and activate it. You might want to chmod 777 the pluging file if you want to easily add extensions from your wordpress admin by modifying the plugin.
Of course this was just a quick hack, this could be extended so that it will allow the admin to manage the mime types from a nice web interface without having to modify the code every time you need to add an extension.
A few days after I created this I find a plugin that is actually a lot nicer and already has the web interface that let's you easily add new mime types to wordpress