Hi
Does somebody know how to define which types of files can be uploades by users with the file-upload-tool? I´d like to set it to "just audio and video", because I think it´s a risk to open the doors for all kinds of programmes..
Can somebody help me please?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- rjcalifornia@rjcalifornia
rjcalifornia - 0 likes
- Team Webgalli@webgalli
Team Webgalli - 0 likes
- tYSoftware@theYoRecords
tYSoftware - 0 likes
- ihayredinov@ihayredinov
ihayredinov - 0 likes
- tYSoftware@theYoRecords
tYSoftware - 0 likes
- Matt Beckett@Beck24
Matt Beckett - 0 likes
- tYSoftware@theYoRecords
tYSoftware - 0 likes
Where the first and last line in the snippet above are existing code I include to show where I added my code. Now I'm wondering if this would be better implemented as a plugin or if what I have done, changing the existing system and documenting it, is the best way to approach this. It would be trivial to alter this code to allow only .pdf files or only .txt files and very easy to allow only image files, etc. Also I use Songs, instead of Files in the prompt because I've changed to the word Songs in my en.php language file. The Delta Boogie Network is a music site and I want only mp3s uploaded because they work with the included player. Of course, the link and the prompt should be customized to match the site." Can you tell me where and what to insert exactly? I´d like to only allow mp3 and wav.
You must log in to post replies.On the files plugin (I think it is on start.php) you will have to filter the MIME type that you want to allow or deny to upload.
Rodolfo Hernandez
Arvixe/Elgg Community Liaison
You could create a hook for the upload action and then simply run a check against allowd and uploaded types.
$allowedExtensions = array("txt","csv","htm","html","xml",
"css","doc","xls","rtf","ppt","pdf","swf","flv","avi",
"wmv","mov","jpg","jpeg","gif","png");
foreach ($_FILES as $file) {
if ($file['tmp_name'] > '') {
if (!in_array(end(explode(".",
strtolower($file['name']))),
$allowedExtensions)) {
die($file['name'].' is an invalid file type!<br/>'.
'<a href="javascript:history.go(-1);">'.
'<< Go Back</a>');
}
}
}
Have a look at http://php.net/manual/en/features.file-upload.php
Thanks for your answers. Unfortunately I´m not well versed with PHP, so I don´t know exactly how and where I have to insert this code.
Is there a way to let the user only choose for example mp3s instead of checking the type during the upload? I figure that to be a little bit easier.
By the way I´m using Elgg 1.8.3.
Thanks for your help.
That should be possible with client-side programming languages like JavaScript (jQuery). You might be able to find a ready-made plugin if you google.
Creating a server-side solution with PHP is another way. If you are willing to take the learning curve, we can guid you through the process. First step would be to take a look at the group bookmarks, there are some guidelines how to create a plugin skeleton. Once ready, let us know.
Ok, thanks. I think I will have to do this anyway..
But isn´t there a way to modify the active plugin by now?
@IK - I would go with the server-side solution. Client side is too easy to circumvent, usually all you need is a javascript blocker like noscript and you can do whatever you want.
I found a thread where a guy managed to only allow mp3 files. that´s what he wrote:
"Thanks man. It was pretty easy once I realized I had to use the upload.php in the actions/file folder.
I added a few lines of code like this:
$file->tags = $tags;
// allow mp3s only
$ext = strtolower(substr($_FILES['upload']['name'], -4));
if ($ext <> ".mp3"){
echo "Please only upload mp3 files - <a href='http://deltaboogie.net/file/all'>Return to Songs</a>";
exit;
}
// we have a file upload, so process it