Restrict allowed upload file types, default to images only

By KajMagnus @KajMagnus 2020-11-26 22:14:19.091Z

Talkyard by default shouldn't let people upload anything else than images — most other file types are a bit risky, e.g. some PDF readers can execute embedded JavaScript.

Seems this will be fixed in the next or next-next version.

I'm making allowed upload file size and allowed file types configurable per user group — so one can, for example, let Trusted Members or Core Members, upload more different file types, or prevent new members from uploading anything at all. @phoenix

  • 2 replies
  1. In reply to KajMagnus:
    KajMagnus @KajMagnus 2020-12-03 13:33:04.640Z 2020-12-03 14:08:04.220Z

    Now here at Ty .io, .jpg and other image types should work, but not other types. Let's try with an aardvark

    <!-- Uploaded file name: aardvark-test-pic.jpeg -->

    But these won't work: badext.docx badext.php etc.

    This'll be available in self hosted installs tomorrow? or the day after tomorrow

    (Although it's cute, it's not my aardvark — it's from a Disney blog, https://disneyparks.disney.go.com/blog/2016/01/wildlife-wednesday-meet-willie-the-aardvark-at-rafikis-planet-watch/ )

    1. In reply to KajMagnus:
      KajMagnus @KajMagnus 2020-12-05 11:46:09.590Z 2020-12-05 11:52:43.952Z

      Now this should work, Jeff @phoenix — if you try to upload a .pdf or .docx document, then, there should be a Not-an-allowed-file-type error dialog. (I accidentally removed spaces " " from the allowed-file-types list in this dialog, will fix).

      If you want to, you can try and see if it works — your server ought to have upgraded itself, and by default only jpg jpeg png gif should be allowed, now. (You'll need to reload any Talkyard page you might have open already.)

      Here's the page where admins can configure permissions for all members:

      https:// talkyard server addr /-/groups/all_members/permissions

      About max upload size: For on-prem servers, there's a configurable Nginx hard limit at 25 MiB, so more than 25 MiB won't work.

      1. Progress with handling this problem
      2. @KajMagnus marked this topic as Started 2020-11-26 22:14:24.139Z.
      3. @KajMagnus marked this topic as Done 2021-01-02 13:04:45.189Z.
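
The upload check this thread describes, sketched as an added example; it is not Talkyard's own code. The type and function names, the per-group sizes and the rule that a member's permissions are the union over their groups are assumptions; the jpg jpeg png gif default and the 25 MiB Nginx limit come from the thread.

```typescript
// Added example: hypothetical types and names, not Talkyard's actual code.
interface UploadPerms {
  allowedExts: string[]; // lowercase, no leading dot
  maxBytes: number;      // 0 means the group may not upload at all
}

const MiB = 1024 * 1024;
const NGINX_HARD_LIMIT = 25 * MiB; // on-prem reverse proxy cap from the thread

// Constructed sample settings. Only the image defaults come from the thread.
const permsByGroup: { [group: string]: UploadPerms } = {
  new_members: { allowedExts: [], maxBytes: 0 },
  all_members: { allowedExts: ["jpg", "jpeg", "png", "gif"], maxBytes: 5 * MiB },
  trusted_members: { allowedExts: ["jpg", "jpeg", "png", "gif", "pdf"], maxBytes: 100 * MiB },
};

// Assumption: a user's effective permissions are the union over their groups.
function effectivePerms(groups: string[]): UploadPerms {
  const result: UploadPerms = { allowedExts: [], maxBytes: 0 };
  for (let i = 0; i < groups.length; i++) {
    const p = permsByGroup[groups[i]];
    if (!p) continue; // an unknown group grants nothing
    for (let j = 0; j < p.allowedExts.length; j++) {
      if (result.allowedExts.indexOf(p.allowedExts[j]) < 0) result.allowedExts.push(p.allowedExts[j]);
    }
    result.maxBytes = Math.max(result.maxBytes, p.maxBytes);
  }
  // A group setting can never raise the limit above what the proxy lets through.
  result.maxBytes = Math.min(result.maxBytes, NGINX_HARD_LIMIT);
  return result;
}

// Returns "" if the upload is allowed, otherwise the reason for rejecting it.
function checkUpload(fileName: string, sizeBytes: number, groups: string[]): string {
  const perms = effectivePerms(groups);
  if (perms.maxBytes === 0 || perms.allowedExts.length === 0) return "uploads not allowed";
  const dot = fileName.lastIndexOf(".");
  // No dot, a leading dot only (".jpg") or a trailing dot: no usable extension.
  if (dot <= 0 || dot === fileName.length - 1) return "no file extension";
  const ext = fileName.slice(dot + 1).toLowerCase(); // compare case-insensitively
  if (perms.allowedExts.indexOf(ext) < 0) {
    return "not an allowed file type: ." + ext + " (allowed: " + perms.allowedExts.join(" ") + ")";
  }
  if (sizeBytes > perms.maxBytes) return "file too large";
  return "";
}
```

The check looks only at the file name, so it has to run on the server as well as in the upload dialog.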