I have enabled SVG uploads using this code:
add_filter('upload_mimes', function($mimes) {
$mimes['svg'] = 'image/svg+xml';
return $mimes;
});
However, uploads of SVG files that start with the <svg> tag fail with the usual “Sorry, this file type is not permitted for security reasons.” error that WordPress displays when SVG uploads are not supported.
If I add <?xml version="1.0" encoding="UTF-8" standalone="no"?> to the file, just before the opening <svg> tag, the upload succeeds.
Why is the XML tag required? Is this requirement normal in WordPress, or is there something wrong with my setup?
2 Answers
It seems that in the recent releases of WordPress, changes were made to the mime type handling to make sure that files have the extension they say they do: https://make.wordpress.org/core/2018/12/13/backwards-compatibility-breaks-in-5-0-1/
This poses an issue for SVG files without the tag in them.
SVG is actually an XML, and WordPress is now requiring to have a line such as
<?xml version="1.0" encoding="utf-8"?>
in an SVG file.