Allowed file types for upload

shastasheen

Joined: 2010-01-19
Posts: 2

Posted: Tue, 2010-01-19 20:32

This is my first post here, so hello community

I have a somewhat basic question, and I have already lurked the forum searching info. Anyways, I still have not found a thread about it. :/

I have successfully installed Gallery2, embedding it into my website. Everything works OK. However, I noticed that registered users are allowed to upload any type of file, which is a security risk, I think.

I wonder if there is a way of limit the types of file that can be uploaded to the gallery, maybe pasting some code to limit the allowed types.

For example, something like:


&lt;?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&amp;&amp; ($_FILES["file"]["size"] &lt; 1000000))

Etc…

Or maybe:


&lt;?php 
  $allowedExtensions = array("jpg","jpeg","gif","png");

Etc…

Any idea or advice? Have anyone tried adding something like this to his/her gallery?

nivekiam

Joined: 2002-12-10
Posts: 16504

Posted: Tue, 2010-01-19 21:08

Quote:

However, I noticed that registered users are allowed to upload any type of file, which is a security risk, I think.

Not of any type. I'm pretty sure HTML, JS, etc are not allowed.

You can check what's blocked by installing the Mime Maintenance plugin and from there you can allow or block types of files.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

shastasheen

Joined: 2010-01-19
Posts: 2

Posted: Tue, 2010-01-19 22:01

Oh, OK, I have just installed Mime and it works perfectly. Thank you very much for your help, nivekiam

shastasheen Joined: 2010-01-19 Posts: 2	Posted: Tue, 2010-01-19 20:32
	This is my first post here, so hello community I have a somewhat basic question, and I have already lurked the forum searching info. Anyways, I still have not found a thread about it. :/ I have successfully installed Gallery2, embedding it into my website. Everything works OK. However, I noticed that registered users are allowed to upload any type of file, which is a security risk, I think. I wonder if there is a way of limit the types of file that can be uploaded to the gallery, maybe pasting some code to limit the allowed types. For example, something like: `<?php if ((($_FILES["file"]["type"] == "image/gif") \|\| ($_FILES["file"]["type"] == "image/png") \|\| ($_FILES["file"]["type"] == "image/jpeg") \|\| ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 1000000))` Etc… Or maybe: `<?php $allowedExtensions = array("jpg","jpeg","gif","png");` Etc… Any idea or advice? Have anyone tried adding something like this to his/her gallery?
	XUser login Username: * Password: * Create new account Request new password
nivekiam Joined: 2002-12-10 Posts: 16504	Posted: Tue, 2010-01-19 21:08
	Quote: However, I noticed that registered users are allowed to upload any type of file, which is a security risk, I think. Not of any type. I'm pretty sure HTML, JS, etc are not allowed. You can check what's blocked by installing the Mime Maintenance plugin and from there you can allow or block types of files. ____________________________________________ Like Gallery? Like the support? Donate now!!! See G2 live here

shastasheen Joined: 2010-01-19 Posts: 2	Posted: Tue, 2010-01-19 22:01
	Oh, OK, I have just installed Mime and it works perfectly. Thank you very much for your help, nivekiam

Allowed file types for upload

XUser login