Skip to content

Instantly share code, notes, and snippets.

Last active Jun 16, 2020
What would you like to do?
WordPress allow uploading SVG, even without the XML declaration
// Mind you, this does not make SVG files safe. This script is meant for sites where only trusted people can upload.
add_action("init", function() {
// First line of defence defused
add_filter('upload_mimes', function ($mimes) {
$mimes['svg'] = 'image/svg+xml';
return $mimes;
// Add the XML Declaration if it's missing (otherwise WordPress does not allow uploads)
add_filter("wp_handle_upload_prefilter", function ($upload) {
if (!empty($upload["type"]) && $upload["type"] === "image/svg+xml") {
$contents = file_get_contents($upload["tmp_name"]);
if (strpos($contents, "<?xml") === false) {
file_put_contents($upload["tmp_name"], '<?xml version="1.0" encoding="UTF-8"?>' . $contents);
return $upload;
}, 10, 1);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment