WordPress.org

Ready to get started?Download WordPress

Forums

Enable Media Replace Error on Replacing a PDF file (2 posts)

  1. Todd Christensen
    Member
    Posted 2 years ago #

    Getting the Mime-type security error from Enable Media Replace (2.5.2) plugin:

    "File type does not meet security guidelines. Try another."

    When attempting to replace any PDF file. Worked fine before last update.

    Any ideas anybody? Saw that there were issues before. Do I have to update WordPress itself? (hesitant to do so since there is a big campaign on the site in progress).

    Site: Elliott's Oyster House

    BTW - Client needs to replace Menus PDFs.

    Thanks in advance.

  2. Måns Jonasson
    Member
    Posted 2 years ago #

    Unfortunately, I do not know of another way to fix this problem right now.

    The problem is that PHP seems to lack a truly reliable way of determining the MIME type of a file.

    In the newer versions of the plugin, I am checking for the function "mime_content_type", which works in some system, but is deprecated and therefore unreliable.

    If "mime_content_type" is not available, I am using PHP:s built-in variables for uploaded files, $_FILES[]["type"] - but the problem there is that it doesn't work 100%, and it even seems to be client-dependant, so that it works with certain browsers but not with others.

    So why do I need to check the MIME type at all? Good question! In the earlier versions of the plugin (i.e. before 2.4) I wasn't checking the MIME type on uploaded files before replacing the originals. The problem with that was that my plugin was flagged as insecure on several major security-related web sites since it was technically possible to upload a malicious file to replace a "safe" file. As you probably know, WordPress has a built-in file filter which only allows uploads of certain types of files. My plugin was breaking those rules, and to get my plugin off the security warning lists, I had to incorporate some type of file type check, which is where the problems are right now.

    I will continue to look into other possible fixes, but for now, if you are running into these problems, my only advice is to uninstall the current version of the plugin and install 2.3 instead, which was the last version without the MIME type checks.

    The 2.3 version can be found on WordPress.org here

    /M;

Topic Closed

This topic has been closed to new replies.

About this Topic