Woocommerce: Import products: Import fails with a security notice for CSV files

As a workaround, installing https://wordpress.org/plugins/disable-real-mime-check/ and attempting to import again does not show the error. h/t @hafizrahman

Seems related to the WP 5.0.1 update which now enforces mime type checking. Working on a fix.

After some further investigation, this seems to be a bug in WP core and not WooCommerce. CSV is an allowed type, but the mime type can be text/plain as well as text/csv and WP only caters for the one.

Opened a tract ticket with a patch here https://core.trac.wordpress.org/ticket/45615

Workaround in #22208

Seems related to the WP 5.0.1 update which now enforces mime type checking. Working on a fix.

I have had this happen today on two sites running WP 4.9.9 and 4.8.8 also

I have had this happen today on two sites running WP 4.9.9 and 4.8.8 also

Yes, 5.0.1 was a security fix which means they backported the fixes to older versions of WordPress as well, so you will see it in those releases too.

A better workaround is this

add_filter("mime_types", "add_csv_plain");
function add_csv_plain($mime_types)
{

    unset($mime_types['txt|asc|c|cc|h|srt']);
    $mime_types['txt|asc|c|cc|h|srt|csv'] = 'text/plain';

    return $mime_types;
}

add_filter("woocommerce_csv_product_import_valid_filetypes", "add_csv_plain_woocommerce");
function add_csv_plain_woocommerce()
{
    return [
        'txt|csv' => 'text/plain',
        'csv' => 'text/csv',
    ];
}

However I believe if a csv file is uploaded with the mime type of text/csv it would still fail because now we are saying that csv should = text/plain

I think Wordpress need to add something into the real mime type check to allow csv to be either text/plain or text/csv

As a workaround, installing https://wordpress.org/plugins/disable-real-mime-check/ and attempting to import again does not show the error. h/t @hafizrahman

This has worked for me to import products, but the images aren't working. They are in my media folder on WP and I tried the file name, the file name.jpg, the full URL and wp-content/uploads/2018/10/N0006-1.jpg
None of these have worked so all 703 products are without pictures! Any ideas please?

Hey @homelylittletouch

This has worked for me to import products, but the images aren't working

I've just tested with two CSV files, one product with a remote image and one with an image already at {site}/wp-content/uploads/2018/12/beanie.jpg and both worked.

I'd retry the CSV with the Product ID and Images columns and "update existing products". If the images aren't attaching, this could be another issue at play.

Another report in hc-8801734

Hey @homelylittletouch

This has worked for me to import products, but the images aren't working

I've just tested with two CSV files, one product with a remote image and one with an image already at {site}/wp-content/uploads/2018/12/beanie.jpg and both worked.

I'd retry the CSV with the Product ID and Images columns and "update existing products". If the images aren't attaching, this could be another issue at play.

Thank you, this has worked now with the original file.

Interactions I've had around this:

1643312-zen
1643577-zen
1642767-zen
1643372-zen
1643225-zen

From the forums -
https://wordpress.org/support/topic/wp-5-0-1-breaks-woocommerce-csv-import
https://wordpress.org/support/topic/wp-4-9-9-dont-load-csv-in-woocommerce-import/
https://wordpress.org/support/topic/csv-import-issues-3/#post-10985971 (cc @amandasjackson )

Not sure if this is just me but since this new update, when I was finally able to import my products and pictures, nothing seems to be working properly. Menus are not updating properly, my category slider has gone off the page and is not showing the categories I selected. Is this a coincidence or all related? Are WP working on a new version to fix the bugs; I'm apprehensive to advertise a website that isn't working properly!

I just experienced this issue as well. My WP/WC installation did an update by itself to 4.9.9 and now I can not import my products through .csv anymore.

What is the current situation on this matter? Should I update further on to 5.0.1? I am a little scared, that it gets even worse....

As I read, the workaround with the MIME plugin will cause problems with showing the images... So I do not know, what to do now.

// edit:
my workaround by now is, to ftp upload the csv and then use that one for importing new products

@ruphu5 Would you mind explaining that process in a little more detail? I'd be interested to try that option myself.

@ruphu5 Would you mind explaining that process in a little more detail? I'd be interested to try that option myself.

When importing new products, you have the option to use an uploaded .csv file on your webspace.
Login -> Products -> Import -> "Show advanced options" -> set the path to your .csv file (e.g. 'wp-content/uploads/your-new-products.csv') -> Press Continue

@ruphu5 Would you mind explaining that process in a little more detail? I'd be interested to try that option myself.

When importing new products, you have the option to use an uploaded .csv file on your webspace.
Login -> Products -> Import -> "Show advanced options" -> set the path to your .csv file (e.g. 'wp-content/uploads/your-new-products.csv') -> Press Continue

Thanks, I'll give that a try!

The WP core team is aware of the issue, and will have this issue fixed. (Thanks for submitting the core patch @kloon!)

If it's not fixed in WordPress core by the time WooCommerce 3.5.3 goes out, we'll add a workaround in WC 3.5.3.

In the meantime, the easiest workaround is to rename your CSV file from foo.csv to foo.txt, and everything should continue working.

Adding another interaction for future reference:

8803020-hc

FYI - Trac shows a possible fix has been moved from 5.0.2 to 5.0.3 release

Hello,

for information in my case with an admin account no problem to import csv file in woocommerce import product tool.
but with a "shop manager" account the error occurs.

hope it will be fixed soon.

Wordpress 5.0.1
disable-real-mime-check plugin installed

Just to add - noticed that this error is not thrown on the tax rate CSV import - so maybe you're missing the security checks on that upload.

Another instance of this here: 8901934-hc

The user was attempting to install a .csv file exported from EKM.

I can confirm the same issue. Just tried installing a .csv file that I created via Microsoft Excel, get the exact same error as in the OP 'Sorry, this file is not permitted for security reasons.'

Installing the 'Disable Real MIME Check By Sergey Biryukov' resolved this issue. Attempted to save the .csv as a .txt file within Excel, but it didn't format it properly for the upload functionality.

As a workaround, installing https://wordpress.org/plugins/disable-real-mime-check/ and attempting to import again does not show the error. h/t @hafizrahman

This has worked for me to import products, but the images aren't working. They are in my media folder on WP and I tried the file name, the file name.jpg, the full URL and wp-content/uploads/2018/10/N0006-1.jpg
None of these have worked so all 703 products are without pictures! Any ideas please?

Wo

As a workaround, installing https://wordpress.org/plugins/disable-real-mime-check/ and attempting to import again does not show the error. h/t @hafizrahman

Worked for me as well, thanks! Do you know if having this plugin active can have downsides?

In my case i have to downgrade to V4.9.8 with plugin WP downgrade, until this is corrected....

Worked for me as well, thanks! Do you know if having this plugin active can have downsides?

It can let admin on the site upload literally anything.

I'd recommend activating the plugin only when you need to upload a CSV then either deactivate or even uninstall it until needed again @ovejaenlaciudad

Worked for me as well, thanks! Do you know if having this plugin active can have downsides?

It can let admin on the site upload literally anything.

I'd recommend activating the plugin only when you need to upload a CSV then either deactivate or even uninstall it until needed again @ovejaenlaciudad

Good point! I'll do that then. Thanks a lot!

Anyone else having issues? Should there be a closing bracket if making the mu-plugin?

Hi Everyone-

Any working patches? Please see my test logs for the benefit of the community here:
https://wordpress.org/support/topic/wp-5-0-1-breaks-woocommerce-csv-import/page/2/#post-11009922

Thanks Much! Any help regarding getting CSVs working would be great. Did this just get patched/fixed by WordPress this evening PDT?

• J

As a workaround, installing https://wordpress.org/plugins/disable-real-mime-check/ and attempting to import again does not show the error. h/t @hafizrahman

This has worked for me to import products, but the images aren't working. They are in my media folder on WP and I tried the file name, the file name.jpg, the full URL and wp-content/uploads/2018/10/N0006-1.jpg
None of these have worked so all 703 products are without pictures! Any ideas please?

Wo

As a workaround, installing https://wordpress.org/plugins/disable-real-mime-check/ and attempting to import again does not show the error. h/t @hafizrahman

Worked for me as well, thanks! Do you know if having this plugin active can have downsides?

Went for this and it failed for us as well as others in-forum.

It's not ideal, but we've been using the following setting at wp-config.php to sort this, while an update and fix is released.

define( 'ALLOW_UNFILTERED_UPLOADS', true );

I tried this @jmzolezzi and it unfortunately did not assist.

Any known interim workarounds? We've tried everything down to the MU plugin and this is totally a CORE issue that we expect to be deployed by WordPress in the next 10-20 hours.

WP Version: 5.0.1

FYI - this is now present in 5.0.2 as well, released last night.

As Claudiu mentioned:

In the meantime, the easiest workaround is to rename your CSV file from foo.csv to foo.txt, and everything should continue working.

I tested this method earlier and it worked.

When a fix is released, if it is by us, it will be on https://woocommerce.wordpress.com and included in the release notes.

If it is by the WordPress folks, then it will again be in the release notes.

A quick workaround is to use the Disable Real MIME Check plugin. I too had this issue today, I needed a quick workaround which I used the plugin for.

Hi @AaronBowie -
This plugin did not work for 5.0.1 :(

What version do you have installed of WordPress?

Thanks..
JF

@Linuxhombre Hi,

I used WP 5.0.1 and Woo 3.5.1 I downgraded both WP and Woo to get this to work.

Hi @AaronBowie - unfortunately that really isn't an option for us.

Any known workarounds right now?

Cheers!
J

It has been a long time. Do we have a timeline for next WP/WC release? Will it fix this? If not I'll downgrade to WP 4.9.8.

Thanks

Do we have a timeline for next WP/WC release?

Probably not for at least another couple weeks.

Another issue reported here zen-1669580.

Installing Disable Real MIME Check fixed the issue.

Yep thanks for your answer. I had as well same message(security) while importing media. Waiting a couple of weeks more then.

Yes I made every permutation of changes, but reinstalling the WP core was the best temporary solution.

Quite a big bug to wait several weeks for. Maybe WooCommerce can make a developer-side announcement, as I'm sure not all are in-the-know regarding this current (and very strange) issue.

Thanks Team!
J

Another issue reported here: 8103324-hc . Installing the plugin disable-real-mime-check worked!

Installing the Disable Real MIME Check Plugin solved the Issue.

Quite a big bug to wait several weeks for.

It's a bug in WordPress that affects any plugin that uses uploaded CSVs vs being specific to WooCommerce. Since there is already a plugin available to use as a work around the best choice for affected plugins is to give WP core an opportunity to fix it.

Another issue reported here: 8824694-hc, mentioned plugin made it work :)

Another in 1683286-zen that the plugin workaround worked for as well.

Just adding that renaming to .txt did not work, but the disable-real-mime-check plugin did resolve as a workaround. Per best practices, I'm planning on keeping the plugin deactivated except when needed for imports.

Shout out to the others who suggested this, saved me some hours and frustration for sure!!

Downgrade with our custom systems was the only solution, FYI. Waiting for
the next WP Core update that shoud fix this.

Be sure to check your permissions always too!

On Wed, Jan 2, 2019 at 8:16 AM Michael Kastler notifications@github.com
wrote:

Just adding that renaming to .txt did not work, but the
disable-real-mime-check plugin did resolve as a workaround. Per best
practices, I'm planning on keeping the plugin deactivated except when
needed for imports.

Shout out to the others who suggested this, saved me some hours and
frustration for sure!!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/woocommerce/woocommerce/issues/22208#issuecomment-450906976,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AE5vq5tq2OY5qGGfLuX2XVUzYGdNtU71ks5u_NtAgaJpZM4ZRDp8
.

--

Joshua M. Feldman
[email protected]

m. 424.283.0045

Another report in 9237290-hc

Also reported in 1698618-zen

This should be fixed in the WP 5.0.3 release going out tomorrow.

No changes needed our end - wait for the WP update.

Still persists for me. Followed @arunsathiya's suggestion to disable mime check.

This is on 5.0.3.

@rorybot Is that happening on WordPress 5.0.3 for you? I tested now and the upload works fine for me. You might also want to check if that happens with any related/all plugins disabled - essentially test on a vanilla install of WooCommerce.

I can confirm that this is still an issue for me as well with 5.0.3. I've disabled most plugins on my test site. I can't get it to work with CSVs in UTF8 from LibreOffice, not even if I rename them to .txt. I ended up putting the file on my server for import, but that's a huge pain unless you know it's exactly right the first time (well, and even then it's a pain.)

@jfacemyer There must be something else conflicting.

I uploaded a few CSV files to my test site yesterday and it is on 3.5.4 and5.0.3`.

I can confirm that it is possible to upload the sample data CSV - https://github.com/woocommerce/woocommerce/blob/master/sample-data/sample_products.csv - to a brand new site with only WooCommerce active.

If WooCommerce is latest and WordPress is 5.0.3, then something else is conflicting and not allowing CSV files to upload @rorybot @jfacemyer

Here is a gif I created just now - https://d.pr/Czux7C

this is a whole lot to read and figure out - just to be able to import products... what am I supposed to do? why can't we just have an update to the update? :( it's been over 2 months and I still can't import products...

Hey @seacress - if you have updated to the latest WooCommerce and WordPress versions then importing via CSV file is working as expected.

If you have updated and you are still having trouble, please either open a ticket from WooCommerce.com if you have premium extensions there or open a support forum thread - https://wordpress.org/support/plugin/woocommerce/

Thank,