Thread

This question may be related to a resolved thread.

I get the MIME error (“The file you are attempting to upload has invalid content for its MIME type.”) while trying to upload a pdf under any user that has rights that is not a superadmin. Expression Engine1.6.4 Build:20080829

I’ve checked the mimes.php file to make sure that pdf was in the list.

I uploaded the pdf file as a superadmin and the file can be found here: http://www.vfwpost7383.org/images/uploads/SEPT_2008_NEWSLETTER.pdf

What are the risks if only specific user groups have the right to upload files, with XSS turned off?

Quick note- make sure you’re running the latest version and build- build 20080829.  False positives on the security check have been reduced.  It is still possible a file can trigger a false positive, but it’s unlikely.  And it boils down to- it’s better to have a few false positives than to allow a compromised file to be uploaded.

What I would likely do?  If a regular user runs into the security check, you could have them zip it up and mail it over.  If the admins are certain it’s safe, they can upload as they bypass the security filter.  It’s the safest way.  But it will boil down to a judgment call.

That help clarify?

winslow, do you still need assistance with that one?