.doc and .docx files fail to upload

On one Debian-based OpenEMR 5.0.2 system, “A”, I can upload .doc and .docx files OK for a patient. On another Debian-based OpenEMR 5.02 system, “B”, I can’t.

“A” was upgraded from 5.0.1 to 5.0.2. “B” was a fresh install of 5.0.2.

.docx files give this error:
“The system does not permit uploading files with MIME content type - application/vnd.openxmlformats-officedocument.wordprocessingml.document.”

.doc (Word 97-2003) files give this error:
“The system does not permit uploading files with MIME content type - application/msword.”

PDF and .txt files upload OK on both systems.

I don’t see anything in the Apache error log.

Does anyone have any idea why this is please?
Thanks

Hi @PeteBoyd out of curiosity was the .docx file generated by Microsoft word natively or did you save a file to .docx from something like Libre office?

A quick google search returns the below:
https://community.adobe.com/t5/coldfusion/mime-type-issue-docx/m-p/1775235?page=1
https://stackoverflow.com/questions/1201945/how-is-mime-type-of-an-uploaded-file-determined-by-browser

Hi,
Likely related to the settings in Administration->Files->‘Create custom white list of MIME content type of a files to secure your documents system’

@brady.miller Thank you, that helps me see that these MIME types are blacklisted.

Additionally I see that on server A this is not switched on, where as it is on server B:
Administration > Globals > Security > Secure Upload Files with White List

Is the default with OpenEMR 5.0.2 to block file formats that can potentially contain malware (e.g. .doc and .docx)? If so, what have people standardised on doing – exporting Word documents to PDF for uploading into OpenEMR?

@RachelEllison yes the docx came from LibreOffice.

hi @PeteBoyd, you can add the allowed types with the list editor

Screenshot from 2020-04-02 17-22-52994×600 44.8 KB

or you can disable the secure uploads in Globals->Security