ExpressionEngine 2.10.0 introduced a new MIME type detection library. We use
this library in our upload code to ensure the file being uploaded is safe. We now
PHP’s Fileinfo extension, which
they note “is enabled by
default as of PHP 5.3.0,” and we have updated our
server compatibility wizard to check for
Fileinfo. We have made the assumption that most hosts have
Fileinfo available, however, it can be explicitly disabled via the
--disable-fileinfo configuration option when compiling.
In addition, we have changed the format and contents of
system/expressionengine/config/mimes.php. If you did not replace that file
during the upgrade to 2.10.0 you should expect errors with file uploads.
If you encounter problems with uploading files check the following:
- Login to your CP and go to Tools, then Utilities, then PHP Info. If you see
--disable-fileinfoon that page (I recommend using your browser’s search function) then you will need to contact your host and have them provide a version of PHP with fileinfo not disabled (i.e. enabled).
- Check your
system/expressionengine/config/mimes.phpfile. If it does not contain
$whitelist = arrayaround line 31 you will need to upload a fresh copy.
If you use MediaTemple you will need to create a phprc file that contains the following:
extension = fileinfo.so
If you are on Windows, PHP notes that you “must include the bundled
php_fileinfo.dll DLL file in
php.ini to enable” fileinfo.