Make WordPress Core

Changes between Initial Version and Version 9 of Ticket #39550


Ignore:
Timestamp:
01/12/2017 03:09:06 PM (7 years ago)
Author:
joemcgill
Comment:

@greatislander Thanks for the report. You're correct that [39831] introduced more strict filetype checking in 4.7.1, which is resulting in previously valid uploads to fail. As @sterndata noted, setting define( 'ALLOW_UNFILTERED_UPLOADS', true ); is a short term workaround, but one that should only be taken if you trust the users of your site not to upload insecure files.

In the mean time, it would help use test potential fixes for this issue by uploading or linking to example files that were previously working, but no longer are.

UPDATE: Please see https://wordpress.org/plugins/disable-real-mime-check/ as a better alternative to allowing unfiltered uploads.

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #39550

    • Property Status changed from new to assigned
    • Property Summary changed from Non-image files with the application/octet-stream mime type cannot be uploaded to Some Non-image files fail to upload after 4.7.1
    • Property Keywords needs-patch added
    • Property Milestone changed from Awaiting Review to 4.7.2
    • Property Owner set to joemcgill
  • Ticket #39550 – Description

    initial v9  
     1'''UPDATE:''' This issue affects more than just Word documents as initially reported. This ticket can be used to track related issues with all non-image files failing to load after 4.7.1 with an error message of `Sorry, this file type is not permitted for security reasons`.
     2
     3===
     4
    15Since [39831], a valid Word document (with the `.docx` extension) which has the `application/octet-stream` mime type can no longer be uploaded as the comparison in [https://core.trac.wordpress.org/browser/trunk/src/wp-includes/functions.php?rev=39831#L2324 this block] will fail.
    26