Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Only allow images (AllowedFileExtensions doesn't work!)

MacgyverMacgyver
edited June 2012 in Vanilla 2.0 - 2.8

I want users to only be allowed to upload images. I tried adding the following to /conf/conf.php

$Configuration['Garden']['Upload']['AllowedFileExtensions'] = array('jpg','jpeg','gif','png');

This apparently prevents .exe and a few other filetypes to be uploaded, but DOES allow .zip, .pdf? Why? How can I fix this?

Thanks a lot!

Best Answer

  • x00x00 MVP
    edited June 2012 Answer ✓

    now that is very interesting it appears to work with you comment out

    $Configuration['Garden']['Upload']['AllowedFileExtensions']... in config-default.php

    So it is not taking precedent.

    This isn't really the fault of the plugin, it is for some reason the config option is not taking precedent.

    You ca create an issue here
    https://github.com/vanillaforums/Garden/issues

    grep is your friend.

Answers

  • 422422 MVP
    edited June 2012

    Is there a disallowed var ?

    Isnt it the other config file ... Default.conf i think you should edit?

    There was an error rendering this rich post.

  • MacgyverMacgyver

    Sorry, which file? I don't see default.conf anywhere.

    conf.php was mentioned here, someone asked the same question: http://vanillaforums.org/discussion/19558/limit-the-number-of-files-that-can-be-loaded-and-the-file-type-to-only-allow-images-in-fileupload#latest

  • 422422 MVP

    I am mobile so cannot check.

    There was an error rendering this rich post.

  • MacgyverMacgyver

    Bump, anyone? This could be a serious security hole!

  • peregrineperegrine MVP
    edited June 2012

    Maybe you should email the developer of the pluginand put the word Security Problem - usually gets their attention.

    when I see your screen name @Macgyver, I think of the tv show Macgyver where he could probably fix the plugin with a candle, and a bottlecap

    http://en.wikipedia.org/wiki/MacGyver
    from the wiki

    ... appeared in a MasterCard television commercial for Super Bowl XL. In it, he manages to cut the ropes binding him to a chair using a pine tree air freshener, uses an ordinary tube sock as the pulley for a zip-line, and somehow repairs and hot-wires a nonfunctional truck using a paper clip, ballpoint pen, rubber band, tweezers, nasal spray, and a turkey baster.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • 422422 MVP

    The last paragraph, could be coded in jquery json and ajax lol

    There was an error rendering this rich post.

  • x00x00 MVP
    edited June 2012 Answer ✓

    now that is very interesting it appears to work with you comment out

    $Configuration['Garden']['Upload']['AllowedFileExtensions']... in config-default.php

    So it is not taking precedent.

    This isn't really the fault of the plugin, it is for some reason the config option is not taking precedent.

    You ca create an issue here
    https://github.com/vanillaforums/Garden/issues

    grep is your friend.

  • MacgyverMacgyver

    x00 said:
    now that is very interesting it appears to work with you comment out

    $Configuration['Garden']['Upload']['AllowedFileExtensions']... in config-default.php

    So it is not taking precedent.

    This isn't really the fault of the plugin, it is for some reason the config option is not taking precedent.

    You ca create an issue here
    https://github.com/vanillaforums/Garden/issues

    Great find!

Sign In or Register to comment.