Support » Plugin: Lord of the Files: Enhanced Upload Security » There was an problem while verifying your file.

  • Resolved vickief

    (@vickief)


    HI,

    Gravity Forms used to upload IGS, DXF, SLDPRT, STEP, X_T, DWG and no longer allows it since WordPress made changes in 5 branch. We have consulted the hosting and Gravity Forms and have received finger pointing. We have tried various functions and add mime types plugins and nothing is working. We found your plugin and have tried a couple of tests for DXF and IGS. After adding the functions to allow those mime types via your documentation, we are getting a response that the files should be allowed; however, they are still being converted to TXT files which returns a problem verifying file message. We tried to disable all plugins (except gravity forms) and switched to a default WordPress theme. Still same error. Hopefully you have some idea what could be the issue as we need all of these upload file types from our clients to do business.

    Here is a result from our test:
    VALIDATION:
    Naive Name: Google Press Positioner.IGS
    Naive Extension: igs
    Naive Type: model/iges
    Magic Type: text/plain
    Best Type: model/iges

    FINAL:
    Name: Google Press Positioner.IGS
    Extension: igs
    Type: model/iges
    Code: 109

    SYSTEM:
    Kernel: Linux host3usw.swhnet.net 3.10.0-1127.8.2.el7.x86_64 #1 SMP Tue May 12 16:57:42 UTC 2020 x86_64
    PHP: 7.2.31
    Modules: Core; PDO; Phar; Reflection; SPL; SimpleXML; bcmath; calendar; cgi-fcgi; ctype; curl; date; dom; exif; fileinfo; filter; ftp; gd; hash; iconv; imagick; imap; json; libxml; mbstring; mysqli; mysqlnd; openssl; pcntl; pcre; pdo_mysql; pdo_sqlite; posix; session; soap; sockets; sqlite3; standard; tokenizer; wddx; xml; xmlreader; xmlwriter; xsl; zip; zlib
    WordPress: 5.5
    Plugins: blob-mimes [1.1.7]; gravity-forms-zero-spam [1.0.3]; gravityforms [2.4.20]; instagram-feed [2.4.6]; wordfence [7.4.11]; wordpress-seo [14.8.1]
    Theme: enfold-child [1.0]

    VALIDATION:
    Naive Name: logo.dxf
    Naive Extension: dxf
    Naive Type: application/dxf
    Magic Type: text/plain
    Best Type: text/plain

    FINAL:
    Name: logo.txt
    Extension: txt
    Type: text/plain
    Code: 107

    SYSTEM:
    Kernel: Linux host3usw.swhnet.net 3.10.0-1127.8.2.el7.x86_64 #1 SMP Tue May 12 16:57:42 UTC 2020 x86_64
    PHP: 7.2.31
    Modules: Core; PDO; Phar; Reflection; SPL; SimpleXML; bcmath; calendar; cgi-fcgi; ctype; curl; date; dom; exif; fileinfo; filter; ftp; gd; hash; iconv; imagick; imap; json; libxml; mbstring; mysqli; mysqlnd; openssl; pcntl; pcre; pdo_mysql; pdo_sqlite; posix; session; soap; sockets; sqlite3; standard; tokenizer; wddx; xml; xmlreader; xmlwriter; xsl; zip; zlib
    WordPress: 5.5
    Plugins: blob-mimes [1.1.7]; gravity-forms-zero-spam [1.0.3]; gravityforms [2.4.20]; instagram-feed [2.4.6]; wordfence [7.4.11]; wordpress-seo [14.8.1]
    Theme: enfold-child [1.0]

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Blobfolio

    (@blobfolio)

    Hi @vickief,

    I have two quick ideas that may help point to the root of the problem(s). (Keep the Lord of the Files plugin active for these two tests.)

    You added an entry for dxf : application/dxf to the upload allowed list for your site, correct? Try changing that associated MIME type from application/dxf to image/vnd.dxf. After doing that, try to upload logo.dxf to the Media Library (not Gravity Forms). Does the file come through OK and un-renamed now? If the Media Library handles it A-OK, try submitting that same file through your Gravity Forms contact form. Does it work there too now?

    The second test: try renaming “Google Press Positioner.IGS” to “google press positioner.igs” (lower case). If you try to submit that file through Gravity Forms, is it accepted now?

    I should have some follow up questions/answers for you based on what those two tests turn up. πŸ™‚

    • This reply was modified 1 year, 8 months ago by Blobfolio.
    • This reply was modified 1 year, 8 months ago by Blobfolio.
    Thread Starter vickief

    (@vickief)

    HI Thank you for the prompt response.
    I did as you asked and igs did work once the file was put in lowercase. One win.

    The dxf receive the same error. Test below:

    VALIDATION:
    Naive Name: logo.dxf
    Naive Extension: dxf
    Naive Type: image/vnd.dxf
    Magic Type: text/plain
    Best Type: text/plain

    FINAL:
    Name: logo.txt
    Extension: txt
    Type: text/plain
    Code: 107

    SYSTEM:
    Kernel: Linux host3usw.swhnet.net 3.10.0-1127.8.2.el7.x86_64 #1 SMP Tue May 12 16:57:42 UTC 2020 x86_64
    PHP: 7.2.31
    Modules: Core; PDO; Phar; Reflection; SPL; SimpleXML; bcmath; calendar; cgi-fcgi; ctype; curl; date; dom; exif; fileinfo; filter; ftp; gd; hash; iconv; imagick; imap; json; libxml; mbstring; mysqli; mysqlnd; openssl; pcntl; pcre; pdo_mysql; pdo_sqlite; posix; session; soap; sockets; sqlite3; standard; tokenizer; wddx; xml; xmlreader; xmlwriter; xsl; zip; zlib
    WordPress: 5.5
    Plugins: blob-mimes [1.1.7]; gravity-forms-zero-spam [1.0.3]; gravityforms [2.4.20]; instagram-feed [2.4.6]; wordfence [7.4.11]; wordpress-seo [14.8.1]
    Theme: enfold-child [1.0]

    Plugin Author Blobfolio

    (@blobfolio)

    Hi @vickief,

    Thanks for running those tests!

    Okay, so the issue with the IGS file is a bug in the Gravity Forms plugin that evidently hasn’t been fixed yet. (Someone else had a similar problem a while back.) You’ll have to point Gravity’s support team to the issue to get a proper fix landed in that plugin, but it lies in gravityforms/common.php, in the GFCommon::check_type_and_ext method.

    The short of it is they are incorrectly treating all “renaming” suggestions from the file validation result as failures, rather than checking to see if the renamed file would still be valid for the given form. (In your case, for example, the file you originally tried was getting a rename hint in lower case, which definitely should not have triggered an error; GF should have just accepted the new name and moved on.)

    The problematic line in that method reads:

    
    if ( $proper_filename ) {
    	return new WP_Error( 'invalid_file', esc_html__( 'There was an problem while verifying your file.' ) );
    }
    

    I should be able to add a workaround for your DXF issue to Lord of the Files to get those working for you. (I have a pretty good idea where WordPress is getting confused.) Can you send me a copy of that logo.dxf file? If it is still uploaded to your Media Library you can just drop that link here (it’s okay if the extension is wrong), otherwise you can email a copy to hello@blobfolio.com.

    I normally release LotF updates at the beginning of the month, so you’ve got excellent timing. I’ll check to make sure the workaround works with your file and push out the update. πŸ™‚

    • This reply was modified 1 year, 8 months ago by Blobfolio. Reason: Fix typo
    Thread Starter vickief

    (@vickief)

    HI there,

    I will relay to GF, but they haven’t been very receptive to blame. πŸ™‚

    So far I am able to get dwg and igs files to upload, but the rest (step, x_t, sldprt) return the same verification issues. Would you like me to add the test results here?

    Plugin Author Blobfolio

    (@blobfolio)

    Hi @vickief,

    Yes please, add the test results for the other file types. If you can send me samples of each (maybe just zip everything together?) I’ll take a look at those as well. They’ll probably need similar workarounds to the DXF type; PHP is really terrible at identifying non-binary file content. Haha.

    And thank you for taking the time for all this back-and-forth! Every little report like this helps tick off another file fix. Only ten thousand to go… πŸ™‚

    Thread Starter vickief

    (@vickief)

    HI,

    I already sent you samples of the files. I also forwarded your recommendation to GF support, so that’s good for them to know.

    I just found out from the client that they don’t need the x_t, so you can ignore that one. I also figured out the correct mimetype for the .sldprt (solid works). Just an fyi on that: your plugin recommended to use .sldworks, but that didn’t work. The correct one for our needs is “application/sldprt.

    I know you have so many to add!!! πŸ™‚

    Here is a test for another type with the same file verification error. This leaves DXF and STEP the last two not working.

    VALIDATION:
    Naive Name: Google Press Positioner.step
    Naive Extension: step
    Naive Type: application/step
    Magic Type: text/plain
    Best Type: text/plain

    FINAL:
    Name: Google Press Positioner.txt
    Extension: txt
    Type: text/plain
    Code: 107

    SYSTEM:
    Kernel: Linux host3usw.swhnet.net 3.10.0-1127.8.2.el7.x86_64 #1 SMP Tue May 12 16:57:42 UTC 2020 x86_64
    PHP: 7.2.31
    Modules: Core; PDO; Phar; Reflection; SPL; SimpleXML; bcmath; calendar; cgi-fcgi; ctype; curl; date; dom; exif; fileinfo; filter; ftp; gd; hash; iconv; imagick; imap; json; libxml; mbstring; mysqli; mysqlnd; openssl; pcntl; pcre; pdo_mysql; pdo_sqlite; posix; session; soap; sockets; sqlite3; standard; tokenizer; wddx; xml; xmlreader; xmlwriter; xsl; zip; zlib
    WordPress: 5.5
    Plugins: blob-mimes [1.1.7]; gravity-forms-zero-spam [1.0.3]; gravityforms [2.4.20]; instagram-feed [2.4.6]; wordfence [7.4.11]; wordpress-seo [14.8.1]
    Theme: enfold-child [1.0]

    Plugin Author Blobfolio

    (@blobfolio)

    Thanks for sending those samples, @vickief.

    I just pushed a new release of Lord of the Files (1.1.8) that includes fixes for DXF, STEP, and X_T files (which needed some extra love).

    (I know you said this site didn’t need X_T support after all, but figured somebody somewhere might benefit, so fixed too that while I was at it. Haha.)

    All of the sample files you sent along are being correctly detected on my test site now. When you have a moment, would you please update LotF on your site and retry the Media Library uploads and let me know how it goes? I’ll leave this ticket open in the meantime just in case.

    None of the Solid Works formats have official type registrations filed with IANA, but Tika Apache servers have decided to classify them using the group alias type application/sldworks, which is why LotF suggests that as a good choice.

    But you’re right, in deep dive Google searches, there are plenty of forum-type results that suggest alternatives like application/sldprt, application/slddrw, application/step, etc.

    I went ahead and added these as extra aliases to be thorough.

    For your site, it shouldn’t really matter whether you safelist them using the group or the extension-based types. Until they land in IANA, it’s more about what feels right. If application/sldprt looks better, go with that. πŸ™‚

    One last note: assuming these files are working in the Media Library now, they should also work with Gravity Forms (unless the file names trigger a rename hint because of e.g. an UPPER CASE EXTENSION, haha).

    Thread Starter vickief

    (@vickief)

    HI there,

    I did as you suggested and all the files are now working with your plugin and uploading via Gravity Forms. Thank you so much for your help.

    GF did get back to me on your findings and is having their developers look into it for a fix, so this was a win win for everyone.

    Wonderful job and I will be sharing your plugin with partners.

    Thank you!

    Plugin Author Blobfolio

    (@blobfolio)

    Wow, that was a really productive Monday. πŸ™‚

    Thanks again @vickief for diving into so many support threads!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘There was an problem while verifying your file.’ is closed to new replies.