Restricting File Extensions
Prior to FileCloud Version 21.2, Disallowed File Extensions listed php and php5 by default; from Version 21.2 on, it lists php, php5, phar, and phtml. If you are using a version of FileCloud earlier than 21.2, you are advised to add phar and phtml to the Disallowed File list. See Advisory 2021-09 Upload of Potentially Unsafe File Types for more information.
- This helps prevent users from uploading malicious attachments and viewing them.
By default FileCloud will restrict files with php extensions. This is to prevent any code injection.
To manage extensions in the Admin Portal:
- In the admin portal, go to Settings > Misc > General.
- Scroll down until you see the Disallowed File Extensions box.
- In the Disallowed File Extensions box, specify the restricted extensions.
This list of extensions must use the following character as the delimiter:
- '|'
For example, to add restrictions for mp3 and mp4 to the list of disallowed extensions:
php|php5|phar|phtml|mp3|mp4