🧩 🐞 Media file is not allowed to be uploaded for security reasons within Elementor in Local installation

[DeoThemes]

Prerequisites

• I have searched for similar issues in open and closed tickets and cannot find a duplicate.
• I have troubleshooted my issue, and it still exists against the latest stable version of Elementor.

Description

After updating to 3.19.2 I can't upload images in Elementor editor anymore. I'm getting This file is not allowed for security reasons when trying to upload a jpeg image.
I'm using Local by FlyWheel for development. When testing on my hosting it works without any issues. So I guess this is related to a local environment only

Steps to reproduce

1. Edit page with Elementor
2. Add an Image widget
3. Upload a jpeg image

Expected behavior

The image is uploaded

Isolating the problem

• This bug happens when only the Elementor (and Elementor Pro) plugins are active.
• This bug happens with the Hello Elementor theme active.
• I can reproduce this bug consistently by following the steps I described above.

Elementor System Info

Click to reveal

== Server Environment ==
	Operating System: WINNT
	Software: nginx/1.16.0
	MySQL version: MySQL Community Server - GPL v8.0.16
	PHP Version: 8.0.30
	PHP Memory Limit: 256M
	PHP Max Input Vars: 4000
	PHP Max Post Size: 1000M
	GD Installed: Yes
	ZIP Installed: Yes
	Write Permissions: All right
	Elementor Library: Connected

== WordPress Environment ==
	Version: 6.4.3
	Site URL: http://test.local
	Home URL: http://test.local
	WP Multisite: No
	Max Upload Size: 300 MB
	Memory limit: 40M
	Max Memory limit: 256M
	Permalink Structure: Plain
	Language: en-US
	Timezone: 0
	Debug Mode: Active

== Theme ==
	Name: Xhibiter
	Version: 1.0.0
	Author: DeoThemes
	Child Theme: No

== User ==
	Role: administrator
	WP Profile lang: en_US
	User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36

== Active Plugins ==
	Elementor
		Version: 3.19.2
		Author: Elementor.com


== Elementor Experiments ==
	Improved Asset Loading: Active by default
	Improved CSS Loading: Active by default
	Inline Font Icons: Active
	Additional Custom Breakpoints: Active by default
	admin_menu_rearrangement: Inactive by default
	Flexbox Container: Active
	Upgrade Swiper Library: Active
	Grid Container: Inactive by default
	Editor Top Bar: Inactive by default
	Optimized Gutenberg Loading: Active by default
	Build with AI: Active by default
	Landing Pages: Active by default
	Nested Elements: Inactive by default
	Lazy Load Background Images: Active
	Optimize Image Loading: Active by default
	Global Style Guide: Active by default


== Log ==
	
JS: showing 5 of 5JS: 2023-07-24 11:20:46 [error X 2][../wp-content/plugins/elementor/assets/js/editor.min.js?ver=3.14.1:3:579551] Element type not found: 'deo-icon-box' 
JS: 2023-07-25 01:05:27 [error X 2][../wp-content/plugins/deo-elements-addons-for-elementor/assets/js/library-frontend.min.js?ver=0.0.1:10:12] white_label is not defined 
JS: 2023-07-25 01:07:13 [error X 1][../wp-content/plugins/deo-elements-addons-for-elementor/assets/js/library-frontend.min.js?ver=0.0.1:587:15] Macy is not defined 
JS: 2023-07-25 06:34:04 [error X 14][../wp-content/plugins/deo-elements-addons-for-elementor/assets/js/lib/macy/macy.min.js?ver=3.0.6:1:2918] Cannot read properties of undefined (reading 'replace') 
JS: 2024-02-03 05:05:13 [error X 1][../wp-includes/js/dist/vendor/react-dom.min.js?ver=18.2.0:10:128492] Minified React error #200; visit https://reactjs.org/docs/error-decoder.html?invariant=200 for the full message or use the non-minified dev environment for full errors and additional helpful warnings. 

PHP: showing 2 of 2PHP: 2023-07-24 12:20:51 [warning X 1][..\wp-content\plugins\elementor\core\page-assets\data-managers\font-icon-svg\font-awesome.php::50] Trying to access array offset on value of type null [array (
  'trace' => '
#0: Elementor\Core\Logger\Manager -> shutdown()
',
)]
PHP: 2023-07-24 12:21:53 [warning X 2][..\wp-content\plugins\elementor\core\page-assets\data-managers\font-icon-svg\font-awesome.php::19] Undefined array key 0 [array (
  'trace' => '
#0: Elementor\Core\Logger\Manager -> shutdown()
',
)]

Log: showing 14 of 142024-02-03 05:05:15 [info] Elementor data updater process has been queued. [array (
  'plugin' => 'Elementor',
  'from' => '3.14.1',
  'to' => '3.19.0',
)]
2024-02-03 05:05:15 [info] elementor::elementor_updater Started 
2024-02-03 05:05:15 [info] Elementor/Upgrades - _on_each_version Start  
2024-02-03 05:05:15 [info] Elementor/Upgrades - _on_each_version Finished 
2024-02-03 05:05:15 [info] Elementor/Upgrades - _v_3_16_0_container_updates Start  
2024-02-03 05:05:15 [info] Elementor/Upgrades - _v_3_16_0_container_updates Finished 
2024-02-03 05:05:15 [info] Elementor/Upgrades - _v_3_17_0_site_settings_updates Start  
2024-02-03 05:05:15 [info] Elementor/Upgrades - _v_3_17_0_site_settings_updates Finished 
2024-02-03 05:05:15 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor',
  'from' => '3.14.1',
  'to' => '3.19.0',
)]
2024-02-09 01:13:22 [info] elementor::elementor_updater Started 
2024-02-09 01:13:22 [info] Elementor/Upgrades - _on_each_version Start  
2024-02-09 01:13:22 [info] Elementor/Upgrades - _on_each_version Finished 
2024-02-09 01:13:22 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor',
  'from' => '3.19.0',
  'to' => '3.19.2',
)]
2024-02-09 01:13:22 [info] Elementor data updater process has been queued. [array (
  'plugin' => 'Elementor',
  'from' => '3.19.0',
  'to' => '3.19.2',
)]



== Elementor - Compatibility Tag ==

Agreement

• I agree that my issue may be closed without action if it doesn't meet all the requirements.

[robaxx]

Just confirming I've started having the same problem.
Same versions of Elementor and Elementor Pro as in post above.

Issue happens when adding an image to the carousel and slider widgets. Does not happen with the Gallery Widget.
But also - I've inserted the Prime Slider widget by BDThemes to try and get around the problm, but it also exhibits the same issue.

Otherwise, uploading images is fine in the media gallery.

This happens on my live multisite.

Elementor System Info

Click to reveal

== Server Environment ==
	Operating System: WINNT
	Software: Microsoft-IIS/10.0
	MySQL version: MySQL Community Server (GPL) v5.7.34
	PHP Version: 7.4.33
	PHP Memory Limit: 812M
	PHP Max Input Vars: 1000
	PHP Max Post Size: 32M
	GD Installed: Yes
	ZIP Installed: Yes
	Write Permissions: All right
	Elementor Library: Connected

== WordPress Environment ==
	Version: 6.4.3
	Site URL: https://xxxxxxxxxxxx.com
	Home URL: https://xxxxxxxxxxxx.com
	WP Multisite: Yes
	Max Upload Size: 10 MB
	Memory limit: 64M
	Max Memory limit: 812M
	Permalink Structure: /%category%/%postname%/
	Language: en-NZ
	Timezone: Pacific/Auckland
	Debug Mode: Inactive

== Theme ==
	Name: Astra Child Theme
	Version: 1.0.0
	Author: Astra Child Theme
	Child Theme: Yes
	Parent Theme Name: Astra
	Parent Theme Version: 4.6.4
	Parent Theme Author: Brainstorm Force

== User ==
	Role: administrator
	WP Profile lang: en_NZ
	User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0

== Active Plugins ==
	Astra Pro
		Version: 4.6.3
		Author: Brainstorm Force

	Disable Author Archives
		Version: 1.3.2
		Author: freemp

	Elementor
		Version: 3.19.2
		Author: Elementor.com

	Elementor Pro
		Version: 3.19.2
		Author: Elementor.com

	Favicon by RealFaviconGenerator
		Version: 1.3.28
		Author: Philippe Bernard

	GuardGiant Brute Force Protection
		Version: 2.2.6
		Author: GuardGiant Brute Force Protection

	Premium Starter Templates
		Version: 4.0.9
		Author: Brainstorm Force

	Prime Slider
		Version: 3.11.13
		Author: BdThemes

	Recent Posts Widget With Thumbnails
		Version: 7.1.1
		Author: Kybernetik Services

	Super Page Cache for Cloudflare
		Version: 4.7.5
		Author: Optimole

	Ultimate Addons for Elementor
		Version: 1.36.29
		Author: Brainstorm Force

	WP Media folder
		Version: 5.8.2
		Author: Joomunited

	WPS Hide Login
		Version: 1.9.13.2
		Author: WPServeur, NicolasKulka, wpformation


== Network Plugins ==
	Activity Log
		Version: 2.9.0
		Author: Activity Log Team

	Admin Menu Editor Pro
		Version: 2.23.3
		Author: Janis Elsts

	AME Branding Add-on
		Version: 1.3.7
		Author: Janis Elsts

	AME Toolbar Editor
		Version: 1.4.3
		Author: Janis Elsts

	Autoremove Attachments
		Version: 1.3.1
		Author: Polygon Themes

	Beehive Analytics
		Version: 3.4.11
		Author: WPMU DEV

	Better Search Replace
		Version: 1.4.5
		Author: WP Engine

	Branda
		Version: 3.4.15
		Author: WPMU DEV

	Code Snippets Pro (Premium)
		Version: 3.6.3
		Author: Code Snippets Pro

	Defender
		Version: 4.5.0
		Author: WPMU DEV

	Imsanity
		Version: 2.8.3
		Author: Exactly WWW

	Mail logging - WP Mail Catcher
		Version: 2.1.7
		Author: James Ward

	Multisite Enhancements
		Version: 1.6.1
		Author: Frank Bültge

	NS Cloner - Site Copier
		Version: 4.4.2
		Author: Never Settle

	Optimize Database after Deleting Revisions
		Version: 5.2.2
		Author: NerdPress

	SmartCrawl
		Version: 3.9.2
		Author: WPMU DEV

	User Role Editor Pro
		Version: 4.64.1
		Author: Vladimir Garagulia

	WP-DBManager
		Version: 2.80.9
		Author: Lester 'GaMerZ' Chan

	WP Crontrol
		Version: 1.16.1
		Author: John Blackbourn & crontributors

	Yoast Duplicate Post
		Version: 4.5
		Author: Enrico Battocchi & Team Yoast


== Elements Usage ==
	
	popup : 1
		form : 1
		heading : 1
		icon : 1
		text-editor : 2
	wp-page : 3
		form : 1
		gallery : 1
		heading : 2
		image-box : 2
		slides : 1
		social-icons : 1
		text-editor : 1


== Settings ==
	
	cpt_support: page, e-landing-page
	disable_color_schemes: yes
	disable_typography_schemes: yes
	allow_tracking: yes
	load_fa4_shim: yes


== Features ==
	Custom Fonts: 0
	Custom Icons: 0

== Integrations ==
	
	google_maps: Active
	recaptcha: Active
	recaptcha_v3: Active


== Elementor Experiments ==
	Improved Asset Loading: Active by default
	Improved CSS Loading: Active by default
	Inline Font Icons: Inactive by default
	Additional Custom Breakpoints: Active by default
	admin_menu_rearrangement: Inactive by default
	Flexbox Container: Inactive by default
	Upgrade Swiper Library: Inactive by default
	Grid Container: Inactive by default
	Default to New Theme Builder: Active by default
	Editor Top Bar: Inactive by default
	Optimized Gutenberg Loading: Active by default
	Build with AI: Inactive
	Landing Pages: Active by default
	Nested Elements: Inactive by default
	Lazy Load Background Images: Inactive by default
	Optimize Image Loading: Active by default
	Global Style Guide: Active by default
	Page Transitions: Active by default
	Notes: Active by default
	Display Conditions: Inactive by default
	Form Submissions: Inactive
	Scroll Snap: Active by default
	Menu: Inactive by default
	Taxonomy Filter: Inactive by default


== Log ==
	
Log: showing 20 of 422024-01-31 13:53:41 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor',
  'from' => '3.18.3',
  'to' => '3.19.0',
)]
2024-01-31 13:53:42 [info] elementor-pro::elementor_pro_updater Started 
2024-01-31 13:53:42 [info] Elementor Pro/Upgrades - _on_each_version Start  
2024-01-31 13:53:42 [info] Elementor Pro/Upgrades - _on_each_version Finished 
2024-01-31 13:53:42 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor Pro',
  'from' => '3.18.2',
  'to' => '3.19.0',
)]
2024-01-31 13:53:43 [info] Elementor data updater process has been queued. [array (
  'plugin' => 'Elementor Pro',
  'from' => '3.18.2',
  'to' => '3.19.0',
)]
2024-02-07 15:11:04 [info] Elementor data updater process has been queued. [array (
  'plugin' => 'Elementor',
  'from' => '3.19.0',
  'to' => '3.19.1',
)]
2024-02-07 15:11:06 [info] elementor::elementor_updater Started 
2024-02-07 15:11:06 [info] Elementor/Upgrades - _on_each_version Start  
2024-02-07 15:11:06 [info] Elementor/Upgrades - _on_each_version Finished 
2024-02-07 15:11:06 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor',
  'from' => '3.19.0',
  'to' => '3.19.1',
)]
2024-02-08 15:14:09 [info] Elementor data updater process has been queued. [array (
  'plugin' => 'Elementor',
  'from' => '3.19.1',
  'to' => '3.19.2',
)]
2024-02-08 15:14:11 [info] elementor::elementor_updater Started 
2024-02-08 15:14:11 [info] Elementor/Upgrades - _on_each_version Start  
2024-02-08 15:14:11 [info] Elementor/Upgrades - _on_each_version Finished 
2024-02-08 15:14:11 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor',
  'from' => '3.19.1',
  'to' => '3.19.2',
)]
2024-02-08 15:14:20 [info] elementor-pro::elementor_pro_updater Started 
2024-02-08 15:14:20 [info] Elementor Pro/Upgrades - _on_each_version Start  
2024-02-08 15:14:20 [info] Elementor Pro/Upgrades - _on_each_version Finished 
2024-02-08 15:14:20 [info] Elementor data updater process has been completed. [array (
  'plugin' => 'Elementor Pro',
  'from' => '3.19.0',
  'to' => '3.19.2',
)]

JS: showing 1 of 1JS: 2024-02-09 04:46:33 [error X 1][../wp-admin/load-scripts.php?c=0&loadchunk_0=jquery-core,jquery-migrate,utils,wp-polyfill-inert,regenerator-runtime,wp-polyfill,wp-hooks&ver=6.4.3:2:28760] Cannot read properties of undefined (reading 'value') 



== Elementor - Compatibility Tag ==
	
	Elementor Pro: Compatible
	Prime Slider: Compatible
	Ultimate Addons for Elementor: Compatible

== Elementor Pro - Compatibility Tag ==
	
	Ultimate Addons for Elementor: Compatible

[micadude]

i have the same problem with my elementor pro 3.19.2
Media file is not allowed to be uploaded for security reasons within Elementor in Local installation...
i use only astra as theme and still the problem is there ...
also i have only install elementor and elementor pro
what can you do more to fix this bug?

[robaxx]

Updating this:

I have a second non-multisite instance with the same issue and so I rolled Elementor and Elementor Pro back, first to 3.19.1 where the problem still happened, and then to 3.19.0 where the problem is gone. That may help narrow it down.

Note that my sites are all live. This isn't necessarily a local installation issue.

[micadude]

i have found the solution without rollback your version of elementor or wordpress :
in wordpress you go to media and upload the media from there , after this you can add the uploaded media to your page .

[DeoThemes]

Yes, I also can upload using Media, however on versions 3.19.1 & 3.19.2 it's impossible to upload from Elementor editor. I guess it has something to do with the latest image upload security fix.

[micadude]

i don't have that problem you have with your elementor pro 3.19.2
strange ...

[younesben99]

also have this problem on local, very annoying

[a-aerts]

If it's any help, it works fine for me on arch linux, it doesn't on Windows

[robaxx]

Ok I see.
I guess when the others say it happens local and not remote, it's because their local systems are probably Windows, same as my remote system is.
One of the guys above lists nginx on Windows. I'm IIS on Windows. Suggests that the issue is to do with Windows rather than the server software. I would guess it's to do with file or application permissions and the new role/permissions features in that Elementor release.

[kertechs]

Hello

I have a similar problem
In my case it's on a window server.
the upload directory is the default one C:Windows\Temp
upload works when not using elementor

I investigated it a bit and came to the conclusion the problem lied in
Elementor\Core\Files\Uploads_Manager::validate_file()

$is_tmp_name_valid = empty( $file['tmp_name'] ) || realpath( $file['tmp_name'] ) !== false;
is always false because of realpath( $file['tmp_name'] ) always false

I verified the file exists physically and through file_exists which returns true
[02-Mar-2024 09:15:02 UTC] realpath( C:\Windows\Temp\phpF941.tmp ) =>
[02-Mar-2024 09:15:02 UTC] file_exists(C:\Windows\Temp\phpF941.tmp) => 1

$is_tmp_name_valid = empty( $file['tmp_name'] ) || realpath( $file['tmp_name'] ) !== false || file_exists($file['tmp_name']);
solved my issue

Don't know if it can help you

[robaxx]

That fix works great kertechs, thanks!
Now, how does one get the Elementor team to fix things as fast as the users.

[Bobj2018]

Appreciate the fix! Thanks!