How to fix my custom plugin code to process upload, right way?

  • Resolved ChriStef

    (@christef)


    5 years, 9 months ago

    Hello,

    If not admin white-listed / logged in. I got my upload script blocked from the rule.

    POST /.....php - Blocked file upload attempt (MIME-type mismatch) - [.....inc.php != application/octet-stream]

    The uploading file is a txt code .php extension with many define(“—“,”–“);

    Any idea to fix my code not to trigger this rule?

    Thank you so much for your time and support you give us here,
    /ChriStef.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi

    What kind of script are you using to upload it?

    The problem is that it sends a “application/octet-stream” mime type header (binary file) but the file is a PHP script. NinjaFirewall blocks it because it thinks there’s something fishy here.

    Thread Starter ChriStef

    (@christef)

    Thanks for your quick support. You are super ninja indeed, I have to say this.

    It’s a form post where I use enctype=’multipart/form-data’ and an <input type=”file”>

    /ChriStef.

    Plugin Author nintechnet

    (@nintechnet)

    The script is fine, my question was in fact about the application (the client) you are using to send the file: do you upload it from your browser, or do you run a script to connect to the site and upload the file? It is that application that will send the MIME type along with the file.

    Thread Starter ChriStef

    (@christef)

    Ok thanks for your help, I got the concept.
    /ChriStef.

    Plugin Author nintechnet

    (@nintechnet)

    If you can’t solve this problem, you can disable the MIME-type check protection by adding this line to your wp-config.php:

    define('NFW_NO_MIMECHECK', true);
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘How to fix my custom plugin code to process upload, right way?’ is closed to new replies.