You must read the config.php file before making any changes. It states clearly that you must take care of the security, and the demo is just that, a demo so it isn't strange that anybody can upload there.
I can also send you my website url if you want to look.
there my config.php in the filemanager
Thanks
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
// authenticated users can access this file or use some kind of session checking.
$Config['Enabled'] = true ;
// Due to security issues with Apache modules, it is recommended to leave the
// following setting enabled.
$Config['ForceSingleExtension'] = true ;
// Perform additional checks for image files.
// If set to true, validate image size (using getimagesize).
$Config['SecureImageUploads'] = true;
// What the user can do with this connector.
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
// Allowed Resource Types.
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
// For security, HTML is allowed in the first Kb of data for files having the
// following extensions only.
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
// After file is uploaded, sometimes it is required to change its permissions
// so that it was possible to access it at the later time.
// If possible, it is recommended to set more restrictive permissions, like 0755.
// Set to 0 to disable this feature.
// Note: not needed on Windows-based servers.
$Config['ChmodOnUpload'] = 0777 ;
// See comments above.
// Used when creating folders that does not exist.
$Config['ChmodOnFolderCreate'] = 0777 ;
Re: Security pb
Re: Security pb
I can also send you my website url if you want to look.
there my config.php in the filemanager
Thanks
// SECURITY: You must explicitly enable this "connector". (Set it to "true"). // WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only // authenticated users can access this file or use some kind of session checking. $Config['Enabled'] = true ; // Due to security issues with Apache modules, it is recommended to leave the // following setting enabled. $Config['ForceSingleExtension'] = true ; // Perform additional checks for image files. // If set to true, validate image size (using getimagesize). $Config['SecureImageUploads'] = true; // What the user can do with this connector. $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ; // Allowed Resource Types. $Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ; // For security, HTML is allowed in the first Kb of data for files having the // following extensions only. $Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ; // After file is uploaded, sometimes it is required to change its permissions // so that it was possible to access it at the later time. // If possible, it is recommended to set more restrictive permissions, like 0755. // Set to 0 to disable this feature. // Note: not needed on Windows-based servers. $Config['ChmodOnUpload'] = 0777 ; // See comments above. // Used when creating folders that does not exist. $Config['ChmodOnFolderCreate'] = 0777 ;]Re: Security pb