Skip to:
Content
Pages
Categories
Search
Top
Bottom

attachment – participants cannot upload files of custom mime types


  • johnnyontheweb
    Participant

    @johnnyontheweb

    Hello all, I’m using bbpress 2.6.3 with the last version of wp5. I defined some mime types I need on the site, eg the extension .nvn. I noticed that Participants cannot upload these newly defined mime types, why?
    Keymasters do it without any problem. When a participant tries, he gets the error “Sorry, this file type is not permitted for security reasons” as it was not permitted. Please help

Viewing 25 replies - 1 through 25 (of 28 total)

  • johnnyontheweb
    Participant

    @johnnyontheweb

    anyone? I’m still getting nowhere.

    Wp is correctly set, I checked the allowed mime types even via a plugin and nvn are permitted.
    Admins can upload without any problem.


    Robin W
    Moderator

    @robin-w

    I’m pretty sure this is WordPress not bbpress, so you are looking at WordPress admin vs subscriber rather than bbpress keymaster vs. participant.

    You don’t say how you added the capability

    eg

    https://www.wpbeginner.com/wp-tutorials/how-to-add-additional-file-types-to-be-uploaded-in-wordpress/

    anyway I’d suggest you do some tests eg set up a user with

    admin and participant
    subscriber and keymaster

    and see which is preventing upload


    johnnyontheweb
    Participant

    @johnnyontheweb

    Thanks for your reply. I’ve added the capability by adding in theme functions these lines:

    function my_mime_types($mime_types){
        $mime_types['nvn'] = 'text/plain'; //Adding nvn extension
        return $mime_types;
    }
    add_filter('upload_mimes', 'my_mime_types', 1, 1);

    I made the tests:
    subscriber and keymaster: Sorry, this file type is not permitted for security reasons.
    admin and participant: Sorry, this file type is not permitted for security reasons!!! THE SAME! I modified the same user that was a subscriber, I cannot figure out what’s happening here…


    Robin W
    Moderator

    @robin-w

    ok, you said earlier that keymasters were allowed – what combination allows upload?


    johnnyontheweb
    Participant

    @johnnyontheweb

    Yes, I said earlier exactly that. Admin and keymaster combination works fine.


    Robin W
    Moderator

    @robin-w

    ok so you’ll need to work through what capabilities let this happen

    bbPress User Roles and Capabilities

    Roles and Capabilities

    and then amend these for what you want


    johnnyontheweb
    Participant

    @johnnyontheweb

    Thanks, anyway I cannot find anything applying to my case.

    First of all, I must exclude the WP capability named “unfiltered_upload”, since I didn’t activate the unfilted uploading feature. In any case, I made tests and this is not affecting the problem I’m facing.

    Secondly, I tried editing the bbPress role capabilities (the problem is that the advised tool allows only the modification per user, and not for the entire role type), and I didn’t find anything that applies (there’s nothign related to uploads).
    Then I tried to edit WP role capabilites with the help of a plugin, and nothing changes again.

    I’m desperate – I start thinking it’s a problem of my Windows hosting.
    To exclude some things, let me ask 2 questions:
    1. is this a new problem or it arose also in the past?
    2. I found the WP capability “upload_files” for the Subscriber role by default. This is strange, anyway, I tried enabling it but nothing changes.

    thanks in advance for the help


    Robin W
    Moderator

    @robin-w

    I suspect your filer is just not working.

    to prove, take the code out and recheck that the admin/keymaster still works – I’m pretty sure that that has a capability that ignores types.

    Next prove that your basic code is good, so

    function my_mime_types($mime_types){
        $mime_types['psd'] = 'image/vnd.adobe.photoshop'; 
        return $mime_types;
    }
    add_filter('upload_mimes', 'my_mime_types', 1, 1);

    and then try uploading a psd file with and without it to prove that the filter works

    Finally, having written the above, it looks like nvn is NOT a mime type, according to this list??
    https://www.freeformatter.com/mime-types-list.html


    johnnyontheweb
    Participant

    @johnnyontheweb

    I tried by taking out the code as you said, but then the admin/keymaster account was not able to upload files.

    Hence, the code is correct.
    I checked also the file type, nvn does not exist as a registered mime type.


    Robin W
    Moderator

    @robin-w

    ok, so can you do then middle bit to prove whether a participant can upload a psd file


    johnnyontheweb
    Participant

    @johnnyontheweb

    No, participant cannot upload a psd file even with your code, same error:
    filename.psd: Sorry, this file type is not permitted for security reasons.


    Robin W
    Moderator

    @robin-w

    ok, so can you just say how you are doing uploads? ie what process


    johnnyontheweb
    Participant

    @johnnyontheweb

    I’m posting a reply from a participant account in a already existing topic. The topic was created by a keymaster/admin.


    Robin W
    Moderator

    @robin-w

    have a look at this

    https://wordpress.stackexchange.com/questions/44777/upload-mimes-filter-has-no-effect

    seems maybe you can only have one text/plain entry?

    the types are listed in

    https://codex.wordpress.org/Function_Reference/get_allowed_mime_types

    and maybe try

    add_filter( 'upload_mimes', 'wpse44777_upload_mimes' );
    function wpse44777_upload_mimes( $mime_types )
    {
        // First we unregister the old key
        unset( $mime_types['txt|asc|c|cc|h'] );
    
        // Then we add a new one
        ! isset( $mime_types['txt|asc|c|cc|h|nvn'] ) AND $mime_types['txt|asc|c|cc|h|nvn'] = 'text/plain';
    
        return $mime_types;
    }

    Robin W
    Moderator

    @robin-w

    ok, but exactly how are you uploading – what button/link/code are you doing?

    Sounds a dumb question, but is relevant


    johnnyontheweb
    Participant

    @johnnyontheweb

    you mean:

    	// First we unregister the old key
        unset( $mime_types['txt|asc|c|cc|h'] );
        // Then we add a new one
        ! isset( $mime_types['txt|asc|c|cc|h|nvn'] ) AND $mime_types['txt|asc|c|cc|h|<strong>nvn</strong>'] = 'text/plain';

    No way, same error.

    As a partecipant user, in the Reply to: box, I click on the button “Browse…” and I select a .nvn text file.


    Robin W
    Moderator

    @robin-w

    so are you running an additional plugin such as bbpress gd attachments to get this browse button ?


    johnnyontheweb
    Participant

    @johnnyontheweb

    Yes exactly, but I made sure that all the roles were able to attach files – I believe that all its settings are correct.

    Otherwise, how to allow attachments?


    Robin W
    Moderator

    @robin-w

    ok, not a plugin I’ve looked at in detail – I’ll have a quick look later


    Robin W
    Moderator

    @robin-w

    I’ve had a quick look, but could spend the rest of Christmas looking in code

    I’d suggest you raise a ticket in bbpress attachments

    https://wordpress.org/support/plugin/gd-bbpress-attachments/


    johnnyontheweb
    Participant

    @johnnyontheweb

    Iā€™d suggest you raise a ticket in bbpress attachments

    https://wordpress.org/support/plugin/gd-bbpress-attachments/

    Done, I hope this will help to find a solution. By now, many thanks for your help.


    Robin W
    Moderator

    @robin-w


    johnnyontheweb
    Participant

    @johnnyontheweb

    Yes, I already tried a plugin to modify the accepted mime types, this changes nothing. Anyway, I think that the setting for the new mime type added to wp is not the problem, since keymaster can successfully upload files.


    Robin W
    Moderator

    @robin-w

    agree, let’s see if Milan responds šŸ™‚


    Milan Petrovic
    Participant

    @gdragon

    Hi,

    My GD bbPress Attachments plugin gets file uploaded through media library, and MIME Types check is done in WP core. So, MIME control code should work. But, many security plugins also limit MIME types, so it might be related to that.

    But, my GD bbPress Toolbox Pro https://plugins.dev4press.com/gd-bbpress-toolbox/ has MIME Types control alowing you to add new types and limit upload to select types.

    Problem is that WordPress checks actual MIME Type for files, so if the extension is not registered with the file’s real MIME Type, it will fail. If you have archive that you connect to text file MIME, it will fail, because WP uses PHP function to read file MIME if possible.

    Milan

Viewing 25 replies - 1 through 25 (of 28 total)
  • You must be logged in to reply to this topic.
Skip to toolbar