Enable Media Replace
File type does not meet security guidelines (4 posts)

  1. Todd Christensen
    Member
    Posted 2 years ago #

    "File type does not meet security guidelines. Try another."

    When attempting to upload and replace any PDF file. Worked fine before last update (obviously since there are PDFs uploaded there now).

    Any ideas anybody? Saw that there were issues before. Do I have to update WordPress itself? (hesitant to do so since there is a big campaign on the site in progress).

    Should I go back down a version or two?

    http://wordpress.org/extend/plugins/enable-media-replace/

  2. Todd Christensen
    Member
    Posted 2 years ago #

    Stepped back to version 2.4.1 and it fixed the issue. Still would like to know if there is another fix?

  3. tahoemate
    Member
    Posted 2 years ago #

    Hello - downloaded and installed 2.5.2 and still getting the "File type does not meet security guidelines. Try another." error message when replacing a PDF file. Looking forward to getting a fix.

  4. Måns Jonasson
    Member
    Plugin Author

    Posted 2 years ago #

    Unfortunately, I do not know of another way to fix this problem right now.

    The problem is that PHP seems to lack a truly reliable way of determining the MIME type of a file.

    In the newer versions of the plugin, I am checking for the function "mime_content_type", which works in some systems, but is deprecated and therefore unreliable.

    If "mime_content_type" is not available, I am using PHP's built-in variables for uploaded files, $_FILES[]["type"] - but the problem there is that it doesn't work 100%, and it even seems to be client-dependent, so that it works with certain browsers but not with others.

    So why do I need to check the MIME type at all? Good question! In the earlier versions of the plugin (i.e. before 2.4) I wasn't checking the MIME type on uploaded files before replacing the originals. The problem with that was that my plugin was flagged as insecure on several major security-related web sites since it was technically possible to upload a malicious file to replace a "safe" file. As you probably know, WordPress has a built-in file filter which only allows uploads of certain types of files. My plugin was breaking those rules, and to get my plugin off the security warning lists, I had to incorporate some type of file type check, which is where the problems are right now.

    I will continue to look into other possible fixes, but for now, if you are running into these problems, my only advice is to uninstall the current version of the plugin and install 2.3 instead, which was the last version without the MIME type checks.

    The 2.3 version can be found on WordPress.org here

    /M;
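
An added example, not from the thread or the plugin's code: a server-side type check that inspects the uploaded file's bytes with PHP's Fileinfo extension instead of relying on the browser-supplied `$_FILES[]["type"]` discussed above. The allow-list, the function name `replacement_allowed` and the sample uploads are constructed for illustration, and the Fileinfo extension is assumed to be loaded.

```php
<?php
// Added example, not the plugin's code. Assumes the Fileinfo extension is loaded.

// Hypothetical allow-list: extension => MIME type expected from the file's content.
const ALLOWED_TYPES = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

/**
 * Decide whether a replacement file may be accepted.
 * $path is the server-side temp file, $name the original file name.
 * The browser-supplied type ($_FILES[...]['type']) is deliberately not an input.
 */
function replacement_allowed(string $path, string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return false;                      // extension not on the allow-list
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($path);       // sniffed from the file's bytes
    return $detected === ALLOWED_TYPES[$ext];
}

// Constructed sample uploads: [file name, browser-claimed type, file bytes].
$samples = [
    ['report.pdf', 'application/pdf',          "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"],
    ['report.pdf', 'application/octet-stream', "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"],
    ['report.pdf', 'application/pdf',          "<?php echo 'not a pdf'; ?>\n"],
    ['page.php',   'application/pdf',          "%PDF-1.4\n"],
];

foreach ($samples as [$name, $claimed, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-11s claimed=%-25s accepted=%s\n", $name, $claimed,
        replacement_allowed($tmp, $name) ? 'yes' : 'no');
    unlink($tmp);
}
```

The second sample is the case reported in this thread: a genuine PDF whose browser-claimed type is not `application/pdf` is still accepted, because the decision depends only on the file's content and extension.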

Topic Closed

This topic has been closed to new replies.