Gossamer Forum
Home : Products : Gossamer Forum : Discussion :

Specifying Allowable Attachments

Quote Reply
Specifying Allowable Attachments
A few weeks ago I asked if it was possible to specify attachment types that are allowed instead of those that are denied. IMHO too many MIME types to keep up with and figure out which ones could be malicious so instead I want to specify the attachment types allowed and deny all others. The code snippet shown below is what I did to make it work that way.

I'm certain jagerman and others can do it more eloquently but it works. In the admin area all you do is enter the extension of the files that you will allow. The wildcards no longer matter so your entries would look like the following:

wav
jpeg
jpg
gif

I made the code changes in the TempAttachment.pm file. I also modified the error message the user sees should they upload a file type not allowed.

Code:
# if ($CFG->{attachment_filters}) {
# for (@{$CFG->{attachment_filters}}) {
# (my $re = quotemeta) =~ s/\\\*/.*/g;
# $re =~ s/\\\?/./g;
# if ($attachment->{tempatt_filename} =~ /^$re$/i) {
# $self->{attachment_error} = GForum::language('ATTACHMENT_FILTERED', $_);
# return;
# }
# }
# }

if ($CFG->{attachment_filters}) {
my $match = 0;
foreach (@{$CFG->{attachment_filters}}) {
if ($attachment->{tempatt_filename} =~ /\.$_$/i) {
$match = 1;
last;
}
}
unless($match) {
$self->{attachment_error} = GForum::language('ATTACHMENT_FILTERED','');
return;
}
}
Quote Reply
Re: [Eric P] Specifying Allowable Attachments In reply to
Hi Eric,

Thanks for the code snippet. We'll certainly look at providing this in version 2.0 - probably in the form of a checkbox to change the filename list from excluded extensions to allowed extensions - so essentially you'll be able to choose whether you want to disallow everything except "a", "b", "c", or whether you want to only allow "d", "e", "f".

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com