WordPress.org

Make WordPress Core

#20997 closed defect (bug) (invalid)

Multisite not honoring upload_filetypes

Reported by: Ipstenu Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Multisite Keywords:
Focuses: Cc:

Description

It was a myriad error filled day. Once I kicked PHP into shape, I couldn't upload epubs (though everything else 'normal' worked). I got the age old error "Sorry, this file type is not permitted for security reasons."

I checked in Network -> Settings -> Network Settings, where I've set "Upload file types" to the following (bolded the ones I added):

jpg jpeg png gif mp3 mov avi wmv midi mid pdf m4v flv ogv docx epub zip ico txt

But that didn't work until I added this in a function (mu-plugin function, whatever)

add_filter('upload_mimes', 'add_custom_upload_mimes');
 function add_custom_upload_mimes($existing_mimes){
 $existing_mimes['epub'] = 'application/epub+zip'; //allow epub files
 return $existing_mimes;
 }

So okay, that ain't right! I reproduced it on a clean build. Every time I add in the filter, it will magically work.

Now I know this worked on trunk in May, so I double checked the last changes to ms-functions.php (since that's where it has the nifty function check_upload_mimes() which looks at those settings) which has had no changes that should have impacted anything to do with this.

The weird thing is that this doesn't impact all file types. If I add 'zip' it works fine, but I have to force set epub (and mobi, and a couple others I made up). From what I can tell, these will always work: m4v flv ogv docx zip ico txt

But epub, mobi, bla (my fake one) always fail without the filter.

Tested it on php 5.3.13, 5.3.14, and 5.3.6

Change History (7)

comment:1 duck_22 months ago

The check_upload_mimes() function is designed to restrict the set of allowed file types that come with WordPress (in get_allowed_mime_types()). It is not meant to add to it.

I double checked by adding epub to a 3.3 install and that blocked it too. Not sure why it worked for you previously without using a plugin.

comment:2 Ipstenu22 months ago

It's always worked when you add to it. In fact, it continues to work when you add things, just not all things. We've been telling folks since 3.0 that the way to add mimetypes in Multisite was to append to this. I've never tested it on 3.3 (in May I was using aortic).

comment:3 SergeyBiryukov22 months ago

From what I can tell, these will always work: m4v flv ogv docx zip ico txt

That's because they are already present in get_allowed_mime_types():
http://core.trac.wordpress.org/browser/tags/3.4.1/wp-includes/functions.php#L1755
Any extensions not from that list won't work unless a filter function is hooked to upload_mimes.

Got the same results as duck_.

Version 2, edited 22 months ago by SergeyBiryukov (previous) (next) (diff)

comment:4 marv5122 months ago

Can somebody please add some documentation for this?
I tried to upload ifc files in a network install and it doesn't work. I add the file to the allowed file types in /wp-admin/network/settings.php and it still doesn't work. Ipstenus filter fixes that.

I don't have all the SVN setup in place to create a patch, but could you at least add something like "Please note that unusal filetypes may be blocked even if they are added to the list. See bug #20997 for details." in the help tab of that page?

A good solution for this would be to send the "application/octet-stream" mime-type for unknown, but allowed filetypes.

comment:5 SergeyBiryukov22 months ago

  • Keywords needs-codex added

comment:6 SergeyBiryukov21 months ago

  • Keywords needs-codex removed

I've added a note to the Network Admin Settings Screen page.

comment:7 SergeyBiryukov21 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.