When an invalid SVG file is uploaded, give the user a hint on how to fix.

[colourgarden]

Problem

• Even after allowing SVG mime type uploads in Fixed SVG image uploads are not accepted by media library. #35, it's still a common problem that "clean" SVGs are not accepted by the Wordpress uploader
• SVGs must have the doctype defined in the first line to be correctly identified as an SVG file by Wordpress - <?xml version="1.0" encoding="utf-8"?>
• SVG cleaners like ImageOptim and SVGO - which we should encourage the use of - will often remove the <?xml ?> declaration
• There's no safe technical solution to this issue. Automatically adding the declaration via PHP could lead to unsafe SVGs being allowed by default

Solution

• When SVG is detected as the file extension, adjust the Sorry, this file type is not permitted for security reasons. message to include a hint about adding the XML declaration as the first line

Notes

• Line where message is set in Wordpress - https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/file.php#L824
• Change message to: Sorry, this file type is not permitted for security reasons.<br>SVGs require the following line at the start of the file to be valid. Ensure this is the case with the uploaded file.<br><pre><?xml version="1.0" encoding="utf-8"?></pre>

[colourgarden]

Submitted a PR to ImageOptim which may help with this issue (at least for Mac users) - ImageOptim/ImageOptim#300