Can we expand the allowed file types?
Posted: Tue Jan 14, 2014 4:18 pm
The restrictions on what file types are allowed for attachments cause undue problems. I think they should be removed entirely--or at least expanded to include .csv and .txt text files.
The restrictions don't help: it's a simple test on the file name; a moderately sophisticated user can already attach any type of file just by changing the file name.
If someone attaches an inappropriate file, we can handle it by notifications and a moderator can delete the file--just as we already do.
The restrictions complicate and confuse new/beginning users when we ask them to attach a file; for example:
viewtopic.php?f=9&t=66947
If the user needs to attach a text file, we have to explain and they have to figure out how to zip the file, or change the name.
As far as I can see, the change(s) can be made through the admin control panel (no sysadmin needed) but I don't understand the permissions screen(s) clearly to do it myself. I don't see any single setting that says "allow any file" but maybe I missed it.
It might be possible for a bad actor to attach a malicious file of some kind by editing an old post; I don't know if that change would bump the post/thread up to the "new/changed" threads where someone would be likely to see it. But that's already possible so it's no worse at least.
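The point made in the post, that a test on the file name alone is defeated by renaming the file, shown next to a check that also looks at the content. This is an added example, not part of the original post and not the forum software's code; the signature table, the `ALLOWED` policy and the function names are assumptions made for illustration.

```python
from __future__ import annotations
import os

# Constructed signature table: leading bytes of a few common formats.
SIGNATURES = {
    b"PK\x03\x04": "zip",
    b"MZ": "windows-executable",
    b"\x7fELF": "elf-executable",
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
}
# Hypothetical forum policy: extension -> content kinds accepted for it.
ALLOWED = {".zip": {"zip"}, ".png": {"png"}, ".pdf": {"pdf"},
           ".txt": {"text"}, ".csv": {"text"}}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, falling back to a plain-text test."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    if b"\x00" in data:  # NUL bytes do not occur in ordinary text files
        return "unknown-binary"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown-binary"
    return "text"


def name_only_check(filename: str) -> bool:
    """The check described in the post: look at the file name and nothing else."""
    return os.path.splitext(filename.lower())[1] in ALLOWED


def content_check(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only when the sniffed content matches what the extension claims."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    kind = sniff(data)
    if kind not in ALLOWED[ext]:
        return False, f"{ext} file contains {kind} content"
    return True, kind


if __name__ == "__main__":
    renamed = b"MZ\x90\x00" + b"\x00" * 16  # constructed bytes, not a real program
    print(name_only_check("report.txt"), content_check("report.txt", renamed))
```

Signature sniffing is only a first filter: a file can be valid in more than one format at once, so moderation and reporting of the kind the post describes remain necessary.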