-
Notifications
You must be signed in to change notification settings - Fork 35
config deniedassetfileextensions
A configuration directive for specifying an explicit blacklist of file
extensions allowed for uploaded files. Because an explicit blacklist
implicitly means everything else is allowed, it is more permissive than its
whitelist counterpart, AssetFileExtensions, which implicitly disallows
everything that is not specified.
Please see AssetFileExtensions for details on syntax and usage.
DeniedAssetFileExtensions defaults to the following array of patterns:
- ascx
- asis
- asp
- aspx
- bat
- cfc
- cfm
- cgi
- cmd
- com
- cpl
- dll
- exe
- htaccess
- html?
- inc
- jhtml
- js
- jsb
- jsp
- mht(ml)?
- msi
- php[s\d]?
- phtml?
- pif
- pl
- pwml
- py
- reg
- scr
- sh
- shtml?
- vbs
- vxd
Like AssetFileExtensions, DeniedAssetFileExtensions also accepts the
special value, DEFAULT (all caps!), which can be used extend the default
list in your config.cgi. For example the following adds three MSFT Office
formats to the list above:
DeniedAssetFileExtensions DEFAULT
DeniedAssetFileExtensions doc
DeniedAssetFileExtensions xls
DeniedAssetFileExtensions ppt
Without the DEFAULT value, the above would replace the default list with
those three patterns.
While extending the list is simple, because of the precedence of the two configs, removing elements from the default list is impossible without reproducing the entire list of desired patterns.
Please note that the implementation of this directive differs significantly from that in Movable Type and will need to be converted upon upgrade to Melody.
-
Original request for this feature: Enable admins to limit types of upload files (Case 6478)
-
Categories: Appendix: Configuration Directives
-
Tags: asset, config, extension, file, New in MT5, New in Melody 1.0.2, upload