Prevent Extension Bypass

  • locustsdnbhd

    (@locustsdnbhd)


    6 years, 8 months ago

    How can I prevent someone to upload a modified restricted extension via the contact form?
    For instance I wanted to restrict exe and allow pdf and the uploader modified the resume.exe to resume.pdf. How can I prevent this?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Neil Murray

    (@buzztone)

    6 years, 8 months ago

    Contact Form 7 applies default restrictions for file type and file size when you do not set the filetypes: and limit: (file size) options explicitly. Default acceptable file types (extensions) are: jpg, jpeg, png, gif, pdf, doc, docx, ppt, pptx, odt, avi, ogg, m4a, mov, mp3, mp4, mpg, wav, and wmv.

    See File Uploading and Attachment for instructions on how to restrict this.

    Thread Starter locustsdnbhd

    (@locustsdnbhd)

    6 years, 8 months ago

    What if I set the filetypes to only jpg and want to restrict all other extension.

    BUT the uploader still able to upload other file types by modify the extension.

    For instance image.pdf, this suppose not accepted if I set the filetypes to jpg only. But they can modify the image.pdf to image.jpg.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Prevent Extension Bypass’ is closed to new replies.