WordPress.org

Forums

[resolved] Upgrade to 2.8.5 now unable to upload ".flv" files (8 posts)

  1. RichHead
    Member
    Posted 5 years ago #

    I upgraded my blog here yesterday to 2.8.5; last night I tried to add an entry and was able to upload JPG and MP3 files fine, but the FLV failed: "File type does not meet security guidelines. Try another."

    I have installed the Mime Types plug-in and have:

    audio/ac3 ac3
    audio/MPA mpa
    video/x-flv flv

    Anyone any ideas why I can no longer upload ".flv" videos (worked fine for me on 2.8.4)

    Rich

  2. RichHead
    Member
    Posted 5 years ago #

    How bizarre! It failed consistently last night, but this morning it worked (I thought I'd give it one more try).

    The only thing I have changed is to add the Mime Type plug-in (but have not amended anything)

    :-?

  3. This is due to the change in WordPress 2.8.5 where all uploads are now subject to the extension white list even for admin.

    You can read more about the change here: http://core.trac.wordpress.org/ticket/10692

    My mime type plugin (http://wordpress.org/extend/plugins/pjw-mime-config/) adds those extra types by default so by installing it and enabling it you will have added in support for upload of those types.

  4. RichHead
    Member
    Posted 5 years ago #

    Ah, I see, so I did need to install the plug-in to make it work... I tried very hard to discover what had changed in 2.8.5 before deciding to update and did not see anything that suggested I would need to add an additional plug-in to keep things working.

    Did I miss something obvious?

  5. This change is mentioned in the release announcement:

    Switched the file upload functionality to be whitelisted for all users including Admins.

    Basically, previously admin users could upload any file possible which made it easier to completely exploit a site if someone stole an admins login details.

    You do have an option to disable this security feature by adding a define to your 'wp-config.php' file but we recommend against this.

  6. RichHead
    Member
    Posted 5 years ago #

    Thanks Westi - I obviously missed that; in fact I struggled to find much documentation beyond "improved security"; perhaps I was looking in the wrong place - could you point me to release announcement?

  7. RichHead
    Member
    Posted 5 years ago #

    Thanks Westi - I guess for a newbie like me the impact of "Switched the file upload functionality to be whitelisted for all users including Admins." was not obvious :-(

Topic Closed

This topic has been closed to new replies.

About this Topic