Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 11 years ago

#14521 closed enhancement (fixed)

"File type does not meet security guidelines" is a poor error message

Reported by: westi's profile westi Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0
Component: Upload Keywords: has-patch gsoc
Focuses: Cc:


This message gives useless feedback to the user.

We should replace it with something which hints more on how to resolve the issue / why the upload is not allowed.

Attachments (2)

14521.diff (1.1 KB) - added by wojtek.szkutnik 13 years ago.
14521.patch (1.1 KB) - added by markmcwilliams 13 years ago.
updated patch with words from jane

Download all attachments as: .zip

Change History (14)

#2 @wojtek.szkutnik
13 years ago

  • Cc wojtek.szkutnik@… added
  • Keywords has-patch gsoc added; needs-patch removed

How about this one?

#3 @westi
13 years ago


Not sure we should specifically mention a plugin.

Would also be nice to run the translation through a filter and pass some extra info as context so that in an environment where the list of allowed files is extended differently for different users filetype context sensitive messages could be displayed.

#4 @mrmist
13 years ago

For a message intended for end-users I'm not convinced that talking about extending a whitelist with a plugin is really the best language. Most likely it would be non-admins seeing this message wouldn't it?

#5 @jane
13 years ago

  • Keywords ux-feedback removed

I wouldn't mention a plugin.

"Sorry, this file type is not permitted for security reasons."

Ideally, this sentence would be followed by, "Please refer to the Codex for more information on allowed file types." Didn't see a good article on it in Codex with a quick search, though. If there is one, link to it from 'allowed file types'.

#6 @mrmist
13 years ago

I've made a start on the Codex entry for this at

So feel free to link to that from any proposed alternative message.

13 years ago

updated patch with words from jane

#7 @markmcwilliams
13 years ago

That updated patch only includes the wording from Jane, for starters I'm not 100% sure if there is a certain way you link to the codex or not (link not including the URK in the string?) If anyone wants to point me in the right direction, everything is appreicated!

#8 follow-up: @nacin
13 years ago

We link directly to Codex pages. The URL should be within a translated string.

That said, we would never link to Plugin_API/Filter_Reference/upload_mimes. This should maybe become a section in the FAQ_Security or something, for an explanation.

#9 @mrmist
13 years ago

Yep there would doubtless be better places to link to and different words to put around the subject... My edit was really because the Codex didn't have anything at all on it.

#10 in reply to: ↑ 8 @markmcwilliams
13 years ago

Replying to nacin:

We link directly to Codex pages. The URL should be within a translated string.

Thanks for that info Nacin! :)

#11 @demetris
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed

14521.patch was committed in r16577. Closing ticket as fixed.

(By the way, I think we should stop introducing such messages with “Sorry”. There is no reason to be apologetic for such restrictions. But that’s another discussion.)

#12 @mcepl
11 years ago

  • Cc mcepl added
Note: See TracTickets for help on using tickets.