Fix: WooCommerce – Sorry, this file type is not permitted for security reasons.

Solution:

Add below filter to fix the file permission issue of WooCommerce.

The reason of this issue is:

Getting different REAL MIME type from function finfo_file.

The issue maybe the different Operating Systems or due to Different PHP versions.

But, While debugging the issue, When I try to upload the XML on localhost I got the text/xml as a real MIME type and on live site its application/xml.

Below is the debugging steps:

File: /wp-includes/functions.php line 2346

// Validate files that didn't get validated during previous checks.
if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) {
	$finfo = finfo_open( FILEINFO_MIME_TYPE );
	$real_mime = finfo_file( $finfo, $file );
	finfo_close( $finfo );

	// @DEBUGGING...
	echo '<pre>';
	var_dump( FILEINFO_MIME_TYPE ) . '<br/>';
	var_dump( $finfo ) . '<br/>';
	var_dump( $file ) . '<br/>';
	var_dump( $real_mime ) . '<br/>';
	wp_die();

The output of the above code is below on LOCALHOST:

  • PHP: Version 7.2.4
  • System: Windows NT M 6.3 build 9600 (Windows 8.1 Professional Edition) i586
int(16)
resource(767) of type (Unknown)
string(46) "C:\Users\Yum\AppData\Local\Temp/wxr-LccAYF.tmp"
string(8) "text/xml"

But, It is different on the LIVE site.

  • PHP: Version 7.0.32-4+ubuntu16.04.1+deb.sury.org+1
  • System: Linux ip-172-31-25-204 4.4.0-134-generic #160-Ubuntu SMP Wed Aug 15 14:58:00 UTC 2018 x86_64
int(16)
resource(747) of type (Unknown)
string(19) "/tmp/wxr-YNkiH5.tmp"
string(15) "application/xml"

Testing on different PHP versions:

PHP Code

echo 'PHP Version: ' . phpversion() . "<br/><br/>";
echo 'file.vtt | ' . mime_content_type( 'file.vtt') . "<br/>";
echo 'file.xml | ' . mime_content_type( 'file.xml') . "<br/>";

On Localhost – PHP Version: 7.2.4

PHP Version: 7.2.4
file.vtt | text/plain
file.xml | text/xml

On Live – PHP Version: 7.0.32

PHP Version: 7.0.32-4+ubuntu16.04.1+deb.sury.org+1
file.vtt | text/plain
file.xml | application/xml

WordPress 5.0.1 MIME validation for uploaded files fix for wp_handle_sideload()

Sorry, this file type is not permitted for security reasons due to WordPress 5.0.1 MIME validation for uploaded files fix for wp_handle_sideload()

If you have used function wp_handle_sideload() in any of your plugin/theme then you need to pass the mimes types too.

Because WordPress 5.0.1 Security Released. In which the uploaded files are validated with the real MIME type.

E.g. If you have set the application/xml MIME type though filter upload_mimes to upload the XML file and if the real MIME type of uploaded file is text/xml then the file was not uploaded. And it shows the below message.

Sorry, this file type is not permitted for security reasons.


To fix this you need to set the mimes for function wp_handle_sideload().

Check below code for reference.

For more details visit:

https://make.wordpress.org/core/2018/12/13/backwards-compatibility-breaks-in-5-0-1/

https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/