Prior to FileCloud Version 21.2, Disallowed File Extensions listed php and php5 by default; from Version 21.2 on, it lists php, php5, phar, and phtml. If you are using a version of FileCloud earlier than 21.2, you are advised to add phar and phtml to the Disallowed File list. See Advisory 2021-09 Upload of Potentially Unsafe File Types for more information.
- This helps prevent users from uploading malicious attachments and viewing them.
By default FileCloud will restrict files with php extensions. This is to prevent any code injection.
To manage extensions in the Admin Portal:
- Log into Admin Portal.
- From the left navigation panel, select Settings.
- On the Settings screen, select the Misc. tab, and then the General tab.
- Scroll down until you see the Disallowed File Extensions box.
- In the Disallowed File Extensions box, specify the restricted extensions.
This list of extensions must use the following character as the delimiter:
For example, to add restrictions for mp3 and mp4 to the list of disallowed extensions: