Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Upload file which contain no extension into wordpress?

Wordpress version:4.7.9.

define('ALLOW_UNFILTERED_UPLOADS', true);

The statement was written into wp-includes/functions.php.
Edit a simple file named test which contain no any extension.

vim test
to upload the file which contain no file extension.

Get the error when to upload the file test.

This file type is not allowed. Please try another.

Rename the file test into test.txt.
And add the following into wp-includes/functions.php.

add_filter('upload_mimes','custom_upload_mimes');
function custom_upload_mimes ( $existing_mimes=array() ) {
     $existing_mimes['txt'] = 'application/txt';
     return $existing_mimes;
     }

The file test.txt can be uploaded successfully.
It is no use to set in the configure file wp-config.php.

define('ALLOW_UNFILTERED_UPLOADS', true);

I am using a child of twentyfourteen.

Here is my /var/www/html//wp-content/themes/twentyfourteen-child/functions.php

<?php
define('ALLOW_UNFILTERED_UPLOADS', true);
function my_theme_enqueue_styles() {

$parent_style = 'twentyfourteen-style'; // This is 'twentyfourteen-style' for the Twenty Fourteen theme.


wp_enqueue_style( $parent_style, get_template_directory_uri() . '/style.css' );
wp_enqueue_style( 'child-style',
get_stylesheet_directory_uri() . '/style.css',
array( $parent_style ),
wp_get_theme()->get('Version')
);
}
add_action( 'wp_enqueue_scripts', 'my_theme_enqueue_styles' );
remove_filter('the_content', 'wptexturize');
remove_filter('the_excerpt', 'wptexturize');
remove_filter('comment_text', 'wptexturize');
?>

It can't take any effect.

like image 788
showkey Avatar asked Mar 02 '18 09:03

showkey


3 Answers

The real problem is not with WordPress's backend but it's frontend validation. The uploader is handled by Plupload and by default, WordPress is only checking if you have defined ALLOW_UNFILTERED_UPLOADS in the uploading progress, without really tweaking the frontend plugin's filter validation with the value. Perhaps a small frontend glitch.

As you can see, WordPress is always rendering the following default settings:

var _wpPluploadSettings = {"defaults":{"file_data_name":"async-upload","url":"\/wp-admin\/async-upload.php","filters":{"max_file_size":"268435456b","mime_types":[{"extensions":"jpg,jpeg,jpe,gif,png,bmp,tiff,tif,ico,asf,asx,wmv,wmx,wm,avi,divx,flv,mov,qt,mpeg,mpg,mpe,mp4,m4v,ogv,webm,mkv,3gp,3gpp,3g2,3gp2,txt,asc,c,cc,h,srt,csv,tsv,ics,rtx,css,htm,html,vtt,dfxp,mp3,m4a,m4b,ra,ram,wav,ogg,oga,flac,mid,midi,wma,wax,mka,rtf,js,pdf,class,tar,zip,gz,gzip,rar,7z,psd,xcf,doc,pot,pps,ppt,wri,xla,xls,xlt,xlw,mdb,mpp,docx,docm,dotx,dotm,xlsx,xlsm,xlsb,xltx,xltm,xlam,pptx,pptm,ppsx,ppsm,potx,potm,ppam,sldx,sldm,onetoc,onetoc2,onetmp,onepkg,oxps,xps,odt,odp,ods,odg,odc,odb,odf,wp,wpd,key,numbers,pages"}]},"multipart_params":{"action":"upload-attachment","_wpnonce":"9ee7fbf228"}},"browser":{"mobile":false,"supported":true},"limitExceeded":false};

A temporary fix to the problem before they fix it on their end would be hooking in the filters WordPress is calling to generate the frontend settings, plupload_default_settings.

Add the filter in your functions.php:

add_filter('plupload_default_settings', function ($settings) {
    if (defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS) {
        unset($settings['filters']['mime_types']);
    }

    return $settings;
});

This will allow you to upload your test via the uploader. Since WordPress is checking already in the backend, as long as you have defined it in your wp-config.php that ALLOW_UNFILTERED_UPLOADS is true, it should be uploaded properly.

like image 154
Chin Leung Avatar answered Oct 24 '22 04:10

Chin Leung


Make sure there isn't a security plugin or other plugin that overrides your define('ALLOW_UNFILTERED_UPLOADS', true); :)

I would suggest first to scan for ALLOW_UNFILTERED_UPLOADS through your site files and see what pops up.

Also update to latest version of WordPress if you haven't already, since the error message you are getting is different from the one I get.

like image 39
Rens Tillmann Avatar answered Oct 24 '22 04:10

Rens Tillmann


You do not want to paste this into your /functions.php file but in your /wp-config.php file.

Alternatively, you can create MIME's for specific file types by pasting this into your /functions.php file, like you have done.

like image 26
Brett Avatar answered Oct 24 '22 04:10

Brett