Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 3 years ago

#14521 closed enhancement (fixed)

"File type does not meet security guidelines" is a poor error message

Reported by: westi Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0
Component: Upload Keywords: has-patch gsoc
Focuses: Cc:


This message gives useless feedback to the user.

We should replace it with something which hints more on how to resolve the issue / why the upload is not allowed.

Attachments (2)

14521.diff (1.1 KB) - added by wojtek.szkutnik 5 years ago.
14521.patch (1.1 KB) - added by markmcwilliams 5 years ago.
updated patch with words from jane

Download all attachments as: .zip

Change History (14)

#2 @wojtek.szkutnik
5 years ago

  • Cc wojtek.szkutnik@… added
  • Keywords has-patch gsoc added; needs-patch removed

How about this one?

#3 @westi
5 years ago


Not sure we should specifically mention a plugin.

Would also be nice to run the translation through a filter and pass some extra info as context so that in an environment where the list of allowed files is extended differently for different users filetype context sensitive messages could be displayed.

#4 @mrmist
5 years ago

For a message intended for end-users I'm not convinced that talking about extending a whitelist with a plugin is really the best language. Most likely it would be non-admins seeing this message wouldn't it?

#5 @jane
5 years ago

  • Keywords ux-feedback removed

I wouldn't mention a plugin.

"Sorry, this file type is not permitted for security reasons."

Ideally, this sentence would be followed by, "Please refer to the Codex for more information on allowed file types." Didn't see a good article on it in Codex with a quick search, though. If there is one, link to it from 'allowed file types'.

#6 @mrmist
5 years ago

I've made a start on the Codex entry for this at


So feel free to link to that from any proposed alternative message.

5 years ago

updated patch with words from jane

#7 @markmcwilliams
5 years ago

That updated patch only includes the wording from Jane, for starters I'm not 100% sure if there is a certain way you link to the codex or not (link not including the URK in the string?) If anyone wants to point me in the right direction, everything is appreicated!

#8 follow-up: @nacin
5 years ago

We link directly to Codex pages. The URL should be within a translated string.

That said, we would never link to Plugin_API/Filter_Reference/upload_mimes. This should maybe become a section in the FAQ_Security or something, for an explanation.

#9 @mrmist
5 years ago

Yep there would doubtless be better places to link to and different words to put around the subject... My edit was really because the Codex didn't have anything at all on it.

#10 in reply to: ↑ 8 @markmcwilliams
5 years ago

Replying to nacin:

We link directly to Codex pages. The URL should be within a translated string.

Thanks for that info Nacin! :)

#11 @demetris
5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

14521.patch was committed in r16577. Closing ticket as fixed.

(By the way, I think we should stop introducing such messages with “Sorry”. There is no reason to be apologetic for such restrictions. But that’s another discussion.)

#12 @mcepl
3 years ago

  • Cc mcepl added
Note: See TracTickets for help on using tickets.