
I'm working to process 3D models through a custom WordPress theme via the Advanced Custom Fields plugin (Field Type: File).

The model has been saved as a .glb, which is not included within the default array of accepted file formats. I have processed the following updates to the functions.php and wp-config.php files, which seem to have allowed me to upload the required model. However, I don't want to allow back-end users to upload any file type.

How do I update the existing array of files to include only the addition of the .glb file format?

My solution to resolve this issue was done by adding the following code to the functions.php file:

function my_myme_types($mime_types){
    $mime_types['glb'] = 'file/glb+xml'; //Adding glb extension
    return $mime_types;
}
add_filter('upload_mimes', 'my_myme_types', 1, 1);

And by adding the following code to the wp-config.php file:

define('ALLOW_UNFILTERED_UPLOADS', true);

However, I feel that these updates pose a significant and unnecessary security risk. What would be the best practice in this regard?

Mugen87
idk
    Remove the line from your wp-config.php; it's extremely risky as it enables any upload of files. Remove this line and keep your function and you're golden. – Daniel Vickers Sep 12 '19 at 15:34

0 Answers
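
One way to allow only .glb without ALLOW_UNFILTERED_UPLOADS, as an added example that is not part of the original question or comment: register the single extension, then accept a .glb upload only if its bytes carry a valid GLB 2.0 header. The `mytheme_*` function names are hypothetical, and the content check assumes a server where WordPress's own type detection would otherwise reject the file.

```php
<?php
// Added example for functions.php; the mytheme_* names are hypothetical.
// Intended for use without ALLOW_UNFILTERED_UPLOADS in wp-config.php.

// Add only the .glb extension, mapped to its IANA media type.
function mytheme_allow_glb( $mimes ) {
    $mimes['glb'] = 'model/gltf-binary';
    return $mimes;
}
add_filter( 'upload_mimes', 'mytheme_allow_glb' );

// True only if the file starts with a well-formed GLB 2.0 header.
function mytheme_is_glb( $path ) {
    $size = @filesize( $path );
    $fh   = ( false !== $size ) ? @fopen( $path, 'rb' ) : false;
    if ( false === $fh ) {
        return false;
    }
    $head = fread( $fh, 20 );
    fclose( $fh );
    if ( false === $head || strlen( $head ) < 20 ) {
        return false;
    }
    // Little-endian uint32 fields: file header, then the first chunk header.
    $h = unpack( 'Vmagic/Vversion/Vlength/Vchunk_len/Vchunk_type', $head );
    return 0x46546C67 === $h['magic']       // ASCII "glTF"
        && 2 === $h['version']
        && $size === $h['length']           // declared length matches size on disk
        && 0x4E4F534A === $h['chunk_type']  // first chunk is "JSON"
        && $h['chunk_len'] <= $size - 20;
}

// Accept a .glb upload only when its content passes the header check.
function mytheme_check_glb( $data, $file, $filename, $mimes ) {
    if ( 'glb' !== strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) ) ) {
        return $data; // Other file types keep WordPress's own verdict.
    }
    $ok           = mytheme_is_glb( $file );
    $data['ext']  = $ok ? 'glb' : false;
    $data['type'] = $ok ? 'model/gltf-binary' : false;
    return $data;
}
add_filter( 'wp_check_filetype_and_ext', 'mytheme_check_glb', 10, 4 );
```

A file renamed to .glb that lacks the header is rejected, and every other extension is still subject to WordPress's default allow-list.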