"File type does not meet security guidelines" is a poor error message

[westi]

This message gives useless feedback to the user.

We should replace it with something which hints more on how to resolve the issue / why the upload is not allowed.

[westi]

An example of the confusion it causes:

​http://wordpress.org/support/topic/mpg-file-type-does-not-meet-security-guidelines

[wojtek.szkutnik]

How about this one?

[westi]

Better.

Not sure we should specifically mention a plugin.

Would also be nice to run the translation through a filter and pass some extra info as context so that in an environment where the list of allowed files is extended differently for different users filetype context sensitive messages could be displayed.

[mrmist]

For a message intended for end-users I'm not convinced that talking about extending a whitelist with a plugin is really the best language. Most likely it would be non-admins seeing this message wouldn't it?

[jane]

I wouldn't mention a plugin.

"Sorry, this file type is not permitted for security reasons."

Ideally, this sentence would be followed by, "Please refer to the Codex for more information on allowed file types." Didn't see a good article on it in Codex with a quick search, though. If there is one, link to it from 'allowed file types'.

[mrmist]

I've made a start on the Codex entry for this at

​http://codex.wordpress.org/Plugin_API/Filter_Reference/upload_mimes

So feel free to link to that from any proposed alternative message.

[markmcwilliams]

updated patch with words from jane

[markmcwilliams]

That updated patch only includes the wording from Jane, for starters I'm not 100% sure if there is a certain way you link to the codex or not (link not including the URK in the string?) If anyone wants to point me in the right direction, everything is appreicated!

[nacin]

We link directly to Codex pages. The URL should be within a translated string.

That said, we would never link to Plugin_API/Filter_Reference/upload_mimes. This should maybe become a section in the FAQ_Security or something, for an explanation.

[mrmist]

Yep there would doubtless be better places to link to and different words to put around the subject... My edit was really because the Codex didn't have anything at all on it.

[markmcwilliams]

Replying to nacin:

We link directly to Codex pages. The URL should be within a translated string.

Thanks for that info Nacin! :)

[demetris]

14521.patch was committed in r16577. Closing ticket as fixed.

(By the way, I think we should stop introducing such messages with “Sorry”. There is no reason to be apologetic for such restrictions. But that’s another discussion.)