• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Tim Cooke
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • paul wheaton
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Mikalai Zaikin
  • Carey Brown
  • Piet Souris
Bartenders:
  • Stephan van Hulst

want to allow permission to upload images but no other format

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
aloha!

I want to ensure that the users can upload/attach only avatars and images in the posts, but no other format of attachments in their posts. How can i ensure that? is there a configuration to ensure this? how can we handle cases if people try to rename other file formats (say exe files) and try to upload them as images.

thanks in advance

~jaknap
[originally posted on jforum.net by pankajvermani]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

take a look at http://www.jforum.net/doc/ExtensionsAndExtensionGroups

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't think that answered the question. You can fully control which file extensions are allowed for upload, but that doesn't prevent a user from renaming a .exe file to .jpg, uploading it, and putting a message with it for the users to rename before using, etc.


[originally posted on jforum.net by jenamon]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you know of any bb systems that can prevent this other than by just denying attachments? I'd love to know how they are determining what's and image and what is not?

Of course, if you want to be paranoid and not have to do too much coding, you could modify the templates so that the download attachment link runs some javascript that puts a warning message up before starting the DL. E.g.,


[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you know of any bb systems that can prevent this other than by just denying attachments? I'd love to know how they are determining what's and image and what is not?

Of course, if you want to be paranoid and not have to do too much coding, you could modify the templates so that the download attachment link runs some javascript that puts a warning message up before starting the DL. E.g.,


[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think safety is the issue. Let's be more generic in the discussion. What if I, as a company, allow .zip files, and someone downloads a file from my site, posted by another user, unzips it, and it (figuratively) blows up his machine. He'll be angry with me and my company, even if I do have usage terms that include "download files at your own risk." I want to avoid that. So, what are my options?

Not all potential users of forum software are savvy enough to know not to follow those sorts of instructions, e.g. download a .jpg file and rename it to .exe.

I posted elsewhere asking if anyone has put a virus scanner into the middle of the file upload process, and if so, how?

Thanks,
J.

[originally posted on jforum.net by jenamon]
 
Sometimes you feel like a nut. Sometimes you feel like a tiny ad.
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic