I have some PowerPoint slideshow files, .ppsx, with mime-type application/vnd.openxmlformats-officedocument.presentationml.slideshow, that I want to upload to WordPress. However, when I try to upload it to the media browser, I get the error "Sorry, this file type is not permitted for security reasons.".
This is despite the fact that .ppsx files are in the list of allowed file types and mimetypes.
When you upload a file, WordPress does some security checks on the file in the wp_check_filetype_and_ext function in wp-include/functions.php:2503. Part of these checks is to validate the given mimetype of the file with the mimetype that PHP detects, using the PHP function finfo_file().
However, finfo_file() isn't always accurate, and its results are often OS dependent. In the specific case of .ppsx files, finfo_file() can read the mimetype as application/vnd.openxmlformats-officedocument.presentationml.presentation. WordPress sees this as a potential security risk because it doesn't match the given mimetype for that file extension and shuts down the upload.
wp_check_filetype_and_ext() also has a filter, and we can use this to our advantage:
function my_check_filetype_and_ext( $info, $file, $filename, $mimes, $real_mime )
{
if ( empty( $check['ext'] ) && empty( $check['type'] ) )
{
$secondaryMimetypes = ['ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation'];
// Run another check, but only for our secondary mime and not on core mime types.
remove_filter( 'wp_check_filetype_and_ext', 'my_check_filetype_and_ext', 99, 5 );
$info = wp_check_filetype_and_ext( $file, $filename, $secondaryMimetypes );
add_filter( 'wp_check_filetype_and_ext', 'my_check_filetype_and_ext', 99, 5 );
}
return $info;
}
add_filter( 'wp_check_filetype_and_ext', 'my_check_filetype_and_ext', 99, 5 );
In vanilla WordPress, there is no way to have multiple mimetypes for a single filetype. The above filter runs the mimetype checks again for a secondary set of filetype/mimetype pairs if it fails the first set of pairs. By allowing .ppsx files with the presentation mimetype, you can now upload .ppsx files!
You need to add some code in your configure.php file to upload any type of
define( 'ALLOW_UNFILTERED_UPLOADS', true );
Add this in your configure.php file and you will be able to upload any file format.
or you can follow this link
Following code work fine for me.
function wcAddCustomFileTypeAndExt( $info, $file, $filename, $mimes, $real_mime )
{
if (strpos($filename, '.ppsx') !== false)
{
$info['ext'] = 'ppsx';
$info['type'] = 'application/vnd.openxmlformats-officedocument.presentationml.slideshow';
}
return $info;
}
add_filter('wp_check_filetype_and_ext','wcAddCustomFileTypeAndExt', 99, 5 );
Related
Added the following filter to functions.php in my theme:
add_filter( 'upload_mimes', 'my_myme_types', 1, 1 );
function my_myme_types( $mime_types ) {
$mime_types['txt'] = 'text/plain';
return $mime_types;
}
but when I try upload a text file to Media Library I still get 'Sorry, this file type is not permitted for security reasons.'
My Wordpress version is 5.2.
This should work without any additional function. I just tried with test txt file and it is working fine. There must be some kind of conflict in your code.
So I successfully added svg to my allowed mime types. But I can't get my head around allow js files. It still gives me an error: Sorry, this file type is not permitted for security reasons.
function add_custom_upload_mimes( $mime_types ) {
$mime_types['js'] = 'application/x-javascript';
$mime_types['svg'] = 'image/svg+xml';
return $mime_types;
}
add_filter( 'upload_mimes', 'add_custom_upload_mimes', 1, 1 );
How do I fix this site speed recommendation with wordpress to remove query strings from static resources.
I have some Resources with a "?x54532" on the final of the link including images, js, css....
des/css/dashicons.min.css?x54532'
wp-includes/css/admin-bar.min.css?x54532
wp-content/uploads/2017/12/favicon.png?x54532"
I have 131 links with that query string"?x54532"
The advice "Remove query strings from static resources" is no longer relevant.
The advice originally came from Google PageSpeed but they dropped the recommendation in 2014. By that point, GTMetrix and Pingdom had already adopted all the PageSpeed recommendations and they've not yet updated their testing criteria to match the new PageSpeed recommendations.
You can go direct to Google PageSpeed to test your website here:
https://developers.google.com/speed/pagespeed/insights/
You will notice that "Remove query strings from static resources" is not a PageSpeed recommendation. The reason Google dropped it is because proxy servers like Squid have been caching static resources with query strings for about a decade already.
There are other good reasons why you should ignore the query string advice, not least that GTMetrix doesn't score your website down even with a 0% score:
https://sirv.com/help/resources/remove-query-strings-from-static-resources/
Instead, prioritise your time to fix the important PageSpeed recommendations that will make your pages load faster.
Place this in your theme's functions.php file or create a plugin file.
function remove_script_style_version( $src ) {
if ( strpos( $src, 'ver=' ) ) {
$src = remove_query_arg( 'ver', $src );
}
if ( strpos( $src, 'x54532' ) ) {
$src = remove_query_arg( 'x54532', $src );
}
return $src;
}
add_filter( 'style_loader_src', 'remove_script_style_version', 1000 );
add_filter( 'script_loader_src', 'remove_script_style_version', 1000 );
// Remove Query String
function nerodev_remove_query_string($src) {
$parts = explode('?ver=', $src);
return $parts[0];
}
add_filter('script_loader_src', 'nerodev_remove_query_string', 15, 1);
add_filter('style_loader_src', 'nerodev_remove_query_string', 15, 1);
Source is here
How do I fix this site speed recommendation with wordpress to remove query strings from static resources.
Resources with a "?" in the URL are not cached by some proxy caching servers. Remove the query string and encode the parameters into the URL for the following resources:
http://cdn.datatables.net/1.10.12/js/jquery.dataTables.min.js?ver=4.5.3
/wp-content/cache/nextend/web/n2-ss-2/n2-ss-2.css?1467994835
/wp-content/cache/nextend/web/n2/n2.js?1467994835
/wp-content/plugins/smar ... edia/dist/smartslider-frontend.min.js?1467908685
/wp-content/plugins/smar ... artslider-simple-type-frontend.min.js?1467908685
/wp-content/plugins/smar ... nd/media/dist/nextend-frontend.min.js?1467908685
/wp-content/plugins/smar ... dia/dist/nextend-webfontloader.min.js?1467908685
/wp-content/themes/wootique-child/style.css?ver=4.5.3
/wp-content/themes/wootique/style.css?ver=4.5.3
/wp-includes/js/wp-embed.min.js?ver=4.5.3
/wp-includes/js/wp-emoji-release.min.js?ver=4.5.3
Wordpress seems to add these strings automatically.
this should do the job..
this removes the querystring on the frontend not the admin site.
Update: Add this into your functions.php file. Ensure that its kept within the PHP tags.
function rm_query_string( $src ){
$parts = explode( '?ver', $src );
return $parts[0];
}
if ( !is_admin() ) {
add_filter( 'script_loader_src', 'rm_query_string', 15, 1 );
add_filter( 'style_loader_src', 'rm_query_string', 15, 1 );
}
This plugin will remove query strings from static resources like CSS & JS files, and will improve your speed scores in services like PageSpeed, YSlow, Pingdoom and GTmetrix.
Resources with a “?” or “&” in the URL are not cached by some proxy caching servers, and moving the query string and encode the parameters into the URL will increase your WordPress site performance significant.
// Remove Query String
function nerodev_remove_query_string($src) {
$parts = explode('?ver=', $src);
return $parts[0];
}
add_filter('script_loader_src', 'nerodev_remove_query_string', 15, 1);
add_filter('style_loader_src', 'nerodev_remove_query_string', 15, 1);
I found this here
How can I integrate Dropzonejs file uploader library in wordpress front end just like the built in one and have the uploaded one available in my media library?
Dropzonejs is a very extensive javascript library that provides a lot of options to handle media uploading.
To integrate dropzonejs with wordpress the process is pretty straight forward. Assume the following piece of code is where you want to appear your uploader.
<div id="media-uploader" class="dropzone"></div>
<input type="hidden" name="media-ids" value="">
Having a class dropzone will automatically attach the dropzone event with the element. That will stop us from overriding default parameters. So we would like to disable the auto discover feature of the library.
// Disabling autoDiscover, otherwise Dropzone will try to attach twice.
Dropzone.autoDiscover = false;
Now we will use jQuery to bind our configuration with the element.
jQuery("#media-uploader").dropzone({
url: dropParam.upload,
acceptedFiles: 'image/*',
success: function (file, response) {
file.previewElement.classList.add("dz-success");
file['attachment_id'] = response; // push the id for future reference
var ids = jQuery('#media-ids').val() + ',' + response;
jQuery('#media-ids').val(ids);
},
error: function (file, response) {
file.previewElement.classList.add("dz-error");
},
// update the following section is for removing image from library
addRemoveLinks: true,
removedfile: function(file) {
var attachment_id = file.attachment_id;
jQuery.ajax({
type: 'POST',
url: dropParam.delete,
data: {
media_id : attachment_id
}
});
var _ref;
return (_ref = file.previewElement) != null ? _ref.parentNode.removeChild(file.previewElement) : void 0;
}
});
In the code above what we have done is we attached dropzone with our element with some parameters-
url - location where we want to send our files to upload. I'll initialize the variable later.
acceptedFiles - since we are only interested in uploading images, we will limit the files to be attached only to images. You can find about more in the website of this library.
success - a callback that is fired when the file/image is uploaded successfully. It accepts two parameter the reference of the uploaded file itself and the response from the server. This is very important, here we stored the attachment id in our form. You can perform a validation here prior to store the id.
error - if the file failed to upload then you can perform any task here.
addRemoveLinks - add the remove file link below the preview panel, you can style it with your css.
removedfile - handles the operation while you click on the remove file link for an image in the preview panel. In this function we sent an ajax call to our server to remove the image from the library
Of course there are a lot of option available, but I found these are the most basic parameters I required to setup my drag-n-drop media uploader.
Now the most important thing is to decide about the file uploader url. You can have a custom file where you would want to process the operation. But I found another way.
From this question and the answer I found using admin-post.php file is pretty amazing.
Many people complained about this admin-post.php, so think sticking to the wp_ajax.php is the best option.
So I initialized the drophandler variable prior to my dropzone initialization as follows-
wp_enqueue_script('dropzone','path/to/dropzone', array('jquery'));
wp_enqueue_script('my-script','path/to/script',array('jquery','dropzone'));
$drop_param = array(
'upload'=>admin_url( 'admin-ajax.php?action=handle_dropped_media' ),
'delete'=>admin_url( 'admin-ajax.php?action=handle_deleted_media' ),
)
wp_localize_script('my-script','dropParam', $drop_param);
Now we are ready to send our images to the server. Here we will add some php code whether in the theme's function.php file or in our plugin file, but we need to be assured that it is loaded.
The following function will take care of the uploading the image and saving as an attachment in the library.
add_action( 'wp_ajax_handle_dropped_media', 'handle_dropped_media' );
// if you want to allow your visitors of your website to upload files, be cautious.
add_action( 'wp_ajax_nopriv_handle_dropped_media', 'handle_dropped_media' );
function handle_dropped_media() {
status_header(200);
$upload_dir = wp_upload_dir();
$upload_path = $upload_dir['path'] . DIRECTORY_SEPARATOR;
$num_files = count($_FILES['file']['tmp_name']);
$newupload = 0;
if ( !empty($_FILES) ) {
$files = $_FILES;
foreach($files as $file) {
$newfile = array (
'name' => $file['name'],
'type' => $file['type'],
'tmp_name' => $file['tmp_name'],
'error' => $file['error'],
'size' => $file['size']
);
$_FILES = array('upload'=>$newfile);
foreach($_FILES as $file => $array) {
$newupload = media_handle_upload( $file, 0 );
}
}
}
echo $newupload;
die();
}
The following action take care of the deletion of the media element. Second parameter of wp_delete_attachment() function allows us to decide whether we want to trash the image or completely delete it. I wanted to delete it completely so passed true.
add_action( 'wp_ajax_handle_deleted_media', 'handle_deleted_media' );
function handle_deleted_media(){
if( isset($_REQUEST['media_id']) ){
$post_id = absint( $_REQUEST['media_id'] );
$status = wp_delete_attachment($post_id, true);
if( $status )
echo json_encode(array('status' => 'OK'));
else
echo json_encode(array('status' => 'FAILED'));
}
die();
}
This will return the attachment_id in the response and we'll get it in the success function. In the media_handle_upload( $file, 0 ); I passed the reference of the file and a 0 because I didn't wanted to assign the media with any post yet (0 for no post, but if you want to assign then pass the post ID here. More reference in the codex.)
This is all for uploading media in wordpress.
Note: I haven't completed the removing uploaded file part. I'll complete this in a moment.
UPDATE
The post is updated. Now we can remove uploaded media elements from the uploader container. Thanks to this question and the answer I could figure out the actual process.
Those who are having problems getting this to work for non-admin users; please use admin-ajax.php instead of admin-post.php.
I had faced a strange issue that admin-post.php would work for non-admin users on my local server; but my live server refused to let non-admins upload files. php would echo entire page instead of the echoed value.
I replaced admin-post.php with admin-ajax.php and uploads work super cool.
I hope this helps.
The solution added to this post is incorrect unless I've misunderstood the question. Basically the solution won't work for anyone who isn't logged in as an admin. It took me 30 minutes to work it out plus the solution for removing images doesn't delete it from the media library.