Allow any file extension for upload
11 posts by 3 authors in: Forums > CMS Builder
Last Post: December 12, 2008 (RSS)
By aev - December 10, 2008
Is it possible to allow any file extension for a upload field?
Similar to unlimited size.
-aev-
Re: [aev] Allow any file extension for upload
By ross - December 10, 2008
Thanks for posting!
There isn't a built in way to just say allow all file types. How many different kinds of files were you aiming to have allowable?
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com
Hire me! Save time by getting our experts to help with your project.
Template changes, advanced features, full integration, whatever you
need. Whether you need one hour or fifty, get it done fast with
Priority Consulting: http://www.interactivetools.com/consulting/
Re: [aev] Allow any file extension for upload
By Dave - December 10, 2008
interactivetools.com
Re: [Dave] Allow any file extension for upload
By aev - December 11, 2008
Is this still a security risk if the client is "trusted"? Or is it possible for not logged in people to somehow upload files?
-aev-
Re: [aev] Allow any file extension for upload
By ross - December 11, 2008
It's still a security risk in that the code in the files they are uploading could lead to problems. CMS Builder won't be scanning your files for malicious code or anything like that. It will just upload the file.
But you can add any extension to that list you like so it ends up being what ever you like :).
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com
Hire me! Save time by getting our experts to help with your project.
Template changes, advanced features, full integration, whatever you
need. Whether you need one hour or fifty, get it done fast with
Priority Consulting: http://www.interactivetools.com/consulting/
Re: [ross] Allow any file extension for upload
By aev - December 11, 2008
Can we disable the extension check if only highly trusted users are editing the site?
If yes, how do we do it?
-aev-
Re: [aev] Allow any file extension for upload
By ross - December 11, 2008
Were you thinking something like this:
if user is and admin, allow any file type?
Either way, we'll have to ask Dave about this one but we can talk it out before he gets in today :).
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com
Hire me! Save time by getting our experts to help with your project.
Template changes, advanced features, full integration, whatever you
need. Whether you need one hour or fifty, get it done fast with
Priority Consulting: http://www.interactivetools.com/consulting/
Re: [ross] Allow any file extension for upload
By aev - December 11, 2008
-aev-
Re: [aev] Allow any file extension for upload
By Dave - December 12, 2008
- open /lib/menus/default/uploadForm_functions.php
- search for 'allowedExtensions'
- add the code in red:
// check allowed extensions
$validExt = preg_split("/\s*\,\s*/", strtolower($fieldSchema['allowedExtensions']));
$fileExt = pathinfo(strtolower($uploadInfo['name']), PATHINFO_EXTENSION);
$encodedValidExt = htmlspecialchars( $fieldSchema['allowedExtensions'] );
if (!in_array('*', $validExt) && !in_array($fileExt, $validExt)) {
$fileErrors .= sprintf(__("File '%s' isn't allowed (valid file extensions: %s)."), $encodedFilename, $encodedValidExt);
$fileErrors .= "<br/>\n";
}- Change the allowed file extensions to: *
Let me know if that works how you want, if it does I'll leave it in the code for the next version.
interactivetools.com
Re: [Dave] Allow any file extension for upload
By aev - December 12, 2008
I added your code and it works perfectly! Great!
-aev-