How to restrict file format and size when upload
Posted: Thu Nov 17, 2011 6:28 pm
by 3XTR3M3
Hello, I'm interested in how to disable uploading of file formats such as .exe, .php, etc.
I just want to be able to upload images in different formats (jpg, png, bmp, gif...)
and how to set the maximum file size.
Thank you
Re: How to restrict file format and size when upload
Posted: Fri Nov 18, 2011 2:23 am
by Eni
Hi,
I don't know where to exclude file formats from upload, but you can limit the file size here:
Administration -> Configuration -> Image Conversion Settings -> Max. file upload size
~eni
Re: How to restrict file format and size when upload
Posted: Fri Nov 18, 2011 11:39 am
by 3XTR3M3
Eni wrote:Hi,
I don't know where to exclude file formats from upload, but you can limit the file size here:
Administration -> Configuration -> Image Conversion Settings -> Max. file upload size
~eni
Thank you for the help, I missed that part of the panel.

Is there any admin who can give the answer on how to exclude file formats? Because this is a big security hole, users can upload anything.
Re: How to restrict file format and size when upload
Posted: Fri Nov 18, 2011 12:21 pm
by Timbalu
I see what you mean.... but...
Serendipity, as I see it, is a Blogsystem, not a Forum, with more or less trusted memberships.
If you do not trust your blog writing members, forbid adminImages or adminImagesAdd for this group in general (or create a special group for untrusted users, without adminImages access)!
As far as I know, there is no plugin to extend the finetuning of membership rights to exclude special file formats (IMHO).
Re: How to restrict file format and size when upload
Posted: Fri Nov 18, 2011 1:42 pm
by Eni
Hm, depends on how it's used.
I have set up a blog as base for a school website. The main idea was to have the school newspaper being published online as well, so it ended up with several blog writers of different trust levels - teachers, parents and children (workgroups and single accounts), who used it for different school activity news. Though, it was mainly handled by moderating entries.
Re: How to restrict file format and size when upload
Posted: Fri Nov 18, 2011 3:02 pm
by Timbalu
Yes, that's the point.
It has to be moderated, it has to be in somebody's hands!
It is a BLOG, not first of all a CMS system. I just wanted to make clear, why we do not have some more finetuned member settings, ... (by now).
(and yes, I know we all love using serendipity as both...!)

Re: How to restrict file format and size when upload
Posted: Sun Nov 20, 2011 9:40 pm
by garvinhicking
Hi!
The s9y core has an exclusion system that should already filter out most active content:
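Code:
    function serendipity_isActiveFile($file) {
        // Names starting with a dot are always treated as active
        if (preg_match('@^\.@', $file)) {
            return true;
        }
        // Built-in check for server-side script extensions
        $core = preg_match('@\.(php.*|[psj]html?|aspx?|cgi|jsp|py|pl)$@i', $file);
        if ($core) {
            return true;
        }
        // Plugins listening on backend_media_check decide via $eventData
        $eventData = false;
        serendipity_plugin_api::hook_event('backend_media_check', $eventData, $file);
        return $eventData;
    }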
in include/functions_image.inc.php.
You can also see there's an event API hook, so you can create any custom plugin that listens on backend_media_check and modify $eventData to false, if $addData is an invalid file.
HTH,
Garvin
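
An added example (not part of the thread and not Serendipity code) that runs the denylist regex from the quoted function next to an extension allowlist of the kind the original poster asked for. The names `core_is_active`, `allowlist_is_active`, `ALLOWED_IMAGE_EXT` and the sample filenames are hypothetical; a true result follows the quoted function's convention that true marks a file as active.

```php
<?php
// Added example, not Serendipity code. The regex is copied from the
// serendipity_isActiveFile() snippet quoted in the post above.
const CORE_ACTIVE_RE = '@\.(php.*|[psj]html?|aspx?|cgi|jsp|py|pl)$@i';

// Hypothetical allowlist: the image types the original poster wants to permit.
const ALLOWED_IMAGE_EXT = ['jpg', 'jpeg', 'png', 'gif', 'bmp'];

// Mirrors the core denylist: true means "active file, reject".
function core_is_active(string $file): bool
{
    return preg_match('@^\.@', $file) === 1
        || preg_match(CORE_ACTIVE_RE, $file) === 1;
}

// Hypothetical stricter check that a backend_media_check listener could apply:
// true (reject) unless the final extension is on the allowlist.
function allowlist_is_active(string $file): bool
{
    $name = basename($file);
    if ($name === '' || $name[0] === '.') {
        return true; // empty names and dotfiles are never accepted
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, ALLOWED_IMAGE_EXT, true);
}

// Constructed sample filenames, not taken from any real upload log.
$samples = ['photo.JPG', 'logo.png', 'index.php', 'page.phtml',
            'setup.exe', 'notes.txt', '.htaccess', 'noextension'];

foreach ($samples as $f) {
    printf(
        "%-12s denylist=%-6s allowlist=%s\n",
        $f,
        core_is_active($f) ? 'reject' : 'accept',
        allowlist_is_active($f) ? 'reject' : 'accept'
    );
}
```

The two checks agree on the image and script names; `setup.exe`, `notes.txt` and `noextension` pass the denylist but are rejected by the allowlist.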