=== MimeCraft MIME Unlocker ===
Contributors: akashahmed29
Tags: attachments, file upload, mime, svg, upload
Requires at least: 5.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Easily manage and extend allowed file upload types in WordPress with safe and controlled MIME type handling.

== Description ==

MimeCraft MIME Unlocker helps you safely extend the default WordPress upload functionality by enabling additional file types such as SVG, JSON, fonts, and more.

WordPress restricts file uploads for security reasons. This plugin provides a user-friendly interface to manage allowed MIME types while maintaining security best practices.

Whether you're a developer, designer, or site administrator, MimeCraft gives you control over file uploads—without editing code.

== 🔥 Features ==

**📁 Extend Upload Support** – Enable additional safe file types like SVG, JSON, fonts, and more.
**🛠️ Custom MIME Types** – Add your own MIME types with an easy-to-use interface.
**⚡ Auto Save Settings** – Changes are saved instantly without needing a manual save button.
**🔄 Reset to Default** – Restore default MIME settings anytime with one click.
**🧰 Beginner Friendly** – No coding required, simple and clean UI.
**🔐 Security Focused** – Blocks dangerous file types (e.g., executable and script files) to protect your site.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/`.
2. Activate the plugin through the 'Plugins' menu in WordPress.

== Screenshots ==

1. Settings Page

== Changelog ==

= 1.0.1 =

* Security: Prevented upload of insecure MIME types (exe, js, apk, etc.) for non-admin users
* Security: Added role-based upload control (unsafe file types allowed for admins only)
* Security: Implemented real MIME type validation using finfo (anti-spoof protection)
* Security: Added SVG sanitization to prevent XSS and malicious code injection
* Fix: Resolved issue where default MIME types were not working when blocklist was enabled
* Fix: Corrected invalid MIME type mappings (woff, xml, css, js, etc.)
* Improvement: Improved validation and sanitization of custom MIME types
* Improvement: Strengthened WordPress core file type verification using wp_check_filetype_and_ext filter

= 1.0.0 =

* Initial Release

== Frequently Asked Questions ==

= What file types can I upload to WordPress by default? =
By default, WordPress allows only a limited set of file types for security reasons. Learn more here:
https://codex.wordpress.org/Uploading_Files

= Can I upload SVG files? =
Yes, this plugin allows SVG uploads. For best security, ensure SVG files are sanitized before use.

= Can I add custom MIME types? =
Yes, you can add and manage custom MIME types directly from the plugin interface.

= Does this plugin allow all file types? =
No. For security reasons, dangerous file types such as executable or script files are blocked.

= Will this plugin affect existing uploads? =
No, it only controls which file types are allowed moving forward.
