We have moved to GitHub Issues
Created by Sebastiaan Janssen 22 Feb 2017, 10:06:24 Updated by Renante Abril 29 May 2017, 15:27:46Tags: PR
Subtask of: U4-9609
<disallowedUploadFiles/> section in umbracoSettings.config).
It is difficult for us to decide on a whitelist of file types that people ARE allowed to upload but we could at least give people the option to lock down the security for their own purposes (for example: some companies would only allow files to be uploaded of type
txt, nothing else). So first the blacklist will be checked, anything on the blacklist will be blocked. Then, if the file isn't blocked already we can check the whitelist. If it's not empty then we check if the file is allowed.
So: blacklist first, anything on there will be rejected. If not already rejected then the whitelist kicks in and anything not on that will be rejected as well.
I don't understand, why keep the blacklist? Backwards compatibility? It seems like you could just use it as a fallback in case the whitelist is not being used.
PR for this here: https://github.com/umbraco/Umbraco-CMS/pull/1939
Once pulled in/reviewed/tested, this Docs PR needs to be pulled in https://github.com/umbraco/UmbracoDocs/pull/454/files
Tested, merged, docs merged, updated docs to note the config element is new in 7.6.2!
Backwards Compatible: True
Fix Submitted: Pull request
Due in version: 7.6.2
Sprint: Sprint 59