I have found out that there is a issue if the file has the text #include in it.
Yes, of course.
You cannot use # in a filename.
You should only be using:
Letters (a-z A-Z), digits, underscore, hyphen, (maybe) space, dot
https://www.mtu.edu/umc/services/websites/writing/characters-avoid/
Btw this was not in the file name. but in the file.
Oh, I see.
What is the error specifically?
The error is:
“1 file could not be uploaded because an error occurred while uploading.”
if you make a file “aaa.txt” and inside the text-file add:
#include test on and off this.
-
This reply was modified 2 years, 6 months ago by janerikg.
Tested. When the text file contains #include
an error is thrown: filetype not permitted for security reasons
: https://snipboard.io/uaWx26.jpg
When file does not contain #include
the file is uploaded.
What happens if you add the following to the wp-config.php
file:
define('ALLOW_UNFILTERED_UPLOADS', true);
Thank you very much @pidengmor
It did the trick. I was first a little worried that everyone would be able to upload all sorts of files. But if I understand correctly, does this only apply to admin?
Yes, that constant disables upload filtering for all users, not just admins, so it is not ideal to leave in place from a security perspective.
You could try allowing .txt
uploads only, by adding this to the functions.php
file of your active theme (untested):
function my_theme_custom_upload_mimes( $existing_mimes ) {
// Add txt to the list of mime types.
$existing_mimes['txt'] = 'text/plain';
// Return the array back to the function with our added mime type.
return $existing_mimes;
}
add_filter( 'mime_types', 'my_theme_custom_upload_mimes' );
Note that this would still allow bad actors to place code in .txt
files that are then uploaded to the site. Do you use a firewall and/or security plugin?
Thank you @pidengmor again.
I will try that. Perhaps I will put ALLOW_UNFILTERED_UPLOADS to false when I’m done 🙂
Perhaps I will put ALLOW_UNFILTERED_UPLOADS to false when I’m done
That would be the safest option.
Or look into a premium plugin like Publish Press, where unfiltered uploads can be restricted to administrators: https://publishpress.com/knowledge-base/unfiltered_upload/
Good luck!
-
This reply was modified 2 years, 6 months ago by barnez. Reason: link added to Publish Press plugin
In fact, the free version of the Publish Press Capabilities plugion allows you to set ALLOW_UNFILTERED_UPLOADS
for admins only: https://snipboard.io/LTyqRM.jpg
https://wordpress.org/plugins/capability-manager-enhanced/