LinkUploadDeniedExtensions looks like a useful value in the config file, but it does not seem to be used anywhere except in the localization text. Is there supposed to be some code that prevents upload of executable files? I would like to not have people pretending to upload images and then selecting a php file, uploading it and then possibly running it on the server. I'm thinking it might involve (at least in the case of php) a regular expression test against the uploaded filename and returning a code 202 if it's a bad one.
Tue, 01/25/2005 - 12:45
#1
RE: LinkUploadDeniedExtensions not used?
If you use the php connector from http://www.mcpuk.net/fbxp then you can specify which files to allow the user to upload to the file browser (these extensions may differ between types, e.g. Images, Media, Flash, File). The beta copy (which although beta should work fine) also ensures that the user does not upload an image with a .jpg, .png etc. and rename it to a .php , however it does not observe the LinkUploadDeniedExtensions config option.
The beta copy is a complete package (FCKEditor 2.RC2 + Filemanager updates + the PHP connector) if you wish you can copy just the connector out and use it in what you have running already, the folder you are looking for is editor/filemanager/browser/default/connectors/php
Hope this is of some help..