Option to configure dangerous extensions

See all posts See thread Reply

Re: Option to configure dangerous extensions new!
# Reply
by colin, 11 years, 2 months ago
1. You can't rely on file extensions. Instead of blacklisting extensions, you can blacklist MIME types, using allowed and forbidden.

2. It is not possible with the class as it is written now. But this should be doable in the upcoming compete rewrite of the class. That said, you can remove most of the "dangerous checking" if you wish (see no_script for instance)Reply
Re: Option to configure dangerous extensions new!
# Reply
by philipp, 11 years, 2 months ago
maybe i missunderstanding.
1. the apache configuration uses extensions to determine which file should be parsed as i.e. php-file. and your upload-class changes the extension of some dangerous text-files. i would like to configure which extension will be transformed.
2. thank you.Reply
Re: Option to configure dangerous extensions new!
# Reply
by colin, 11 years, 2 months ago
OK, I understand what you mean. It is quite complex to add options for that, as it checks on the MIME type, on the extension, etc... I will see if I can add this feature in a next release.Reply