Allow EPS file upload – two EPS files have different MIME types

In recent versions of WordPress (5.0.1 or higher) file upload security has been tightened by actually checking the content of an uploaded file using the PHP function finfo_file() to determine if the file extension matches the MIME type. This has proven problematic since files with the same file type and extension may yield different MIME types.

In my case one EPS file (let’s call it one.eps) was detected as “application/postscript” while another file (let’s call it two.eps) as “image/x-eps” or “application/octet-stream” depending on which PHP version the server was running.

After adding the below PHP snippet I was consistently able to upload file one.eps to the WordPress Media Library no matter what version of PHP I was using. But the file two.eps could not be uploaded if the server was running PHP 7.2 or higher.

add_filter( 'upload_mimes', function ( $mime_types ) {
    $mime_types[ 'eps' ] = 'application/postscript';
    return $mime_types;
} );

I’m by no means an expert on the EPS file format but I think it’s safe to assume that different variations on the format exists. Opening the two files in different applications and checking the content strengthens this belief:

Opening the files in a text editor:

  • one.eps Has an ASCII/human readable file header
  • two.eps Appears binary

Format according to GIMP:

  • one.eps application/postscript
  • two.eps image/epsf

Format according to finfo_file() on PHP 7.0.10:

  • one.eps application/postscript
  • two.eps application/octet-stream

Format according to finfo_file() on PHP 7.3.2:

  • one.eps application/postscript
  • two.eps image/x-eps

In the WordPress core file wp-includes/functions.php, function wp_check_filetype_and_ext() you will find the following:

// fileinfo often misidentifies obscure files as one of these types
$nonspecific_types = array(
    'application/octet-stream',
    'application/encrypted',
    'application/CDFV2-encrypted',
    'application/zip',
);

Further down in the function there is a hard-coded exception to allow these MIME types under certain circumstances. This is what made it possible to upload two.eps on earlier PHP versions, since finfo_file() reported “application/octet-stream” as its MIME type and this is one of the hard-coded exceptions.

Unfortunately, there seems to be no mechanism in WordPress to allow the same extension to be mapped to different MIME types, which (to me) would be the most obvious solution. Something along the lines of:

add_filter( 'upload_mimes', function ( $mime_types ) {
    $mime_types[ 'eps' ] = array('application/postscript', 'image/x-eps');
    return $mime_types;
} );

However, the user @birgire posted a workaround as an answer to a similar question.

Related Posts:

  1. Change upload directory on custom plugin page
  2. WP Rest API – Upload media without saving attachment post
  3. Disable resizing of gif when uploaded
  4. Can I add custom meta for each image uploaded via media-upload.php?
  5. WordPress 3.5+ upload tool filter
  6. How to check if “media_send_to_editor” is audio?
  7. Pass parameter to the upload_dir filter
  8. Move a file from a directory to another
  9. Using wp_handle_upload() to Direct Specific Path by Using $overrides
  10. upload_files cap to not loggen in users – add_cap to not logged in users
  11. wp_upload_bits Upload Specific Sizes Only
  12. Upload restrictions – upload_mimes – filter: Adding multiple MIMEs for a single extension and adding multiple extensions for a single MIME type?
  13. Filter causing loss of _wp_attachment_metadata
  14. Filter Media by attached page or blog post in Library
  15. Show uploaded pdf files dynamically and filter by month name
  16. Overriding Generated Attachment Post URL
  17. How to get to the date of the uploaded file
  18. Post Type Upload Directory – {post_type}_upload_dir filter
  19. what is __return_false in filters
  20. How to filter users on admin users page by custom meta field?
  21. Passing Additional Parameters to add_filter Callable
  22. How can I add an Author filter to the Media Library?
  23. Modify WordPress Rest Api Request/Response
  24. How to add some custom HTML into wordpress admin bar?
  25. hook into completed image upload filter
  26. Don’t replace “|” with Empty String (“”) when generating slugs from title
  27. apply_filters(‘the_content’, $content) alternative
  28. How to use the_excerpt in a filter hook?
  29. Add wrapper to only youtube videos via embed_oembed_html filter function
  30. Hook into admin post list page
  31. Add post/page ID to inserted links within the_content
  32. Changing document title only on a custom page template
  33. Shortcodes not resolved in AJAX call response
  34. Possible to filter the posts or categories that XML-RPC users see in their mobile application?
  35. Ajax, filters and shortcodes
  36. wp_link_pages output appears twice
  37. Multiple Ajax Data Action
  38. Filter to modify post_title after image upload?
  39. How do I pass the value from a foreach loop to an add_filter function? [closed]
  40. Changing a WordPress core function without hacking core
  41. Change WordPress RSS link with filter?
  42. Search results sorted by post types
  43. How to remove get_post_metadata using remove_filter inside a class?
  44. check if FILTER(“the_content”) is being executed in `the_post()`
  45. Change Password Strength Indicator names?
  46. Limit RSS feed to previous calendar month
  47. How to stop wrapping comments in P tag
  48. How to modify core when there is no hook?
  49. Is this the proper way of switching the “Edit My Profile” link with my BuddyPress “Extended Profile” link?
  50. Does auto_update_plugin Filter Work When Put In Theme’s functions.php File
  51. In need of a content replace filter for posts in a specific wordpress category
  52. html tags in gettext hook get escaped
  53. How to remove action with slashes and arrows?
  54. Inline Styles on all native blocks
  55. How to filter post content and force every link () made in blocks to return urldecode() with readable value?
  56. Set default terms for new posts / CPTs
  57. Get .subsubsub count of post per status queried using pre_get_posts
  58. Adaptive product filters for WooCommerce
  59. Changing WordPress core without hacking core
  60. Plugin options, presets and filters : can you help me improve my workflow?
  61. Remove posts inside pre_get_posts using a custom query
  62. Redirect to another page using contact form 7? [closed]
  63. Wrapping my head around add_filter
  64. Is it possible to apply filter to meta key value when querying posts?
  65. How to add_filter to an OOP based apply_filter(‘foo::bar’, $a);
  66. apply_filters with multiple args and multiple add_filter
  67. Help with filter for wp_notify_moderator()
  68. Change custom post type GUID in RSS
  69. Conflict calling an add_filter() twice
  70. Filter for author list in gutenberg core editor
  71. Add something after a filter
  72. Add filter unless it is being called under specific function
  73. paginate_links() Change the order of links
  74. Filter / add_action to upgrade.php page
  75. Add Filter – Pass Variable (PHP < 5.3)
  76. How do I add a line break to a string that is output by PHP?
  77. Problem width wp_insert_post_data and Gutenberg block editor
  78. style_loader_tag not changing stylesheet to preload
  79. add_filter doesn’t return false?
  80. How to track a particular page in order to address the loading speed issue
  81. Display posts from today and future in Elementor ‘posts widget’
  82. Right filter for rewriting page statuscode
  83. Changing title using filter not working with argument
  84. Archive Widget – Count only parent posts
  85. how to overwrite next_post_link
  86. Cutting off excerpt with first sentence
  87. Change URLs in default WordPress slider to relative from absolute
  88. Print url to default featured image
  89. Change add_filter based on Ajax
  90. What action/filter can be used for modifying the page to be rendered?
  91. Adding user filter – Not updating data in URL
  92. How to add more than one custom metadata as filter on the post list page?
  93. filter wptexturize doesn’t work on old posts titles
  94. Add Default WordPress Formatting To Data From External SQL Tables?
  95. Getting entry ID from frm_email_message filter in formidable
  96. Auto append text after the title?
  97. Is there a hook or filter that adds a button to the left of the search box?
  98. filter a list by gender
  99. This code works, but breaks the media uploader. How do I integrate it in a way that won’t?
  100. Using the REST API filter, including two meta_queries breaks the response for one custom post type