Archive

Posts Tagged ‘security’

Adding arbitrary files to WordPress Media Library

December 13th, 2009 No comments

I tried uploading a C# file to go along with a previous post, but kept getting an “IO Error” from WordPress. That wasn’t very helpful. Fortunately when I tried doing the same thing from Linux, I got a slightly more informative message telling me that the “File type does not meet security guidelines”. If you have a different idea than the developers of what constitutes a “security threat”, you can modify the list of file types that can be uploaded to WordPress. Find the wp-includes/functions.php file in your installation directory, and add your new MIME type(s) to the default list in get_allowed_mime_types function.

BTW, this only works if you have control over your WordPress install. If you’re using a hosted solution I guess you have to put up with it.

This is the code you’ll want to modify:

/**
 * Retrieve list of allowed mime types and file extensions.
 *
 * @since 2.8.6
 *
 * @return array Array of mime types keyed by the file extension regex corresponding to those types.
 */
function get_allowed_mime_types() {
        static $mimes = false;

        if ( !$mimes ) {
                // Accepted MIME types are set here as PCRE unless provided.
                $mimes = apply_filters( 'upload_mimes', array(
                'jpg|jpeg|jpe' => 'image/jpeg',
                'gif' => 'image/gif',
                'png' => 'image/png',
                'bmp' => 'image/bmp',
                'tif|tiff' => 'image/tiff',
                'ico' => 'image/x-icon',
                'asf|asx|wax|wmv|wmx' => 'video/asf',
                'avi' => 'video/avi',

If you have a lot of file types and don’t want to bother adding them all, another option is to modify your wp-config.php file and add the following line:

define('ALLOW_UNFILTERED_UPLOADS', true);
Categories: Uncategorized Tags: ,