BuddyPress Group Folders
Security: Check file extensions / allowed mime type (4 posts)

  1. Fee
    Member
    Posted 1 year ago #

    Hello Ruuttu,
    here is another patch for a little bit more security: Check the uploaded file against allowed file types.

    inside function find_filename() after line 376:
    $extension = strrchr($name, '.');
    add this:

    /* check for allowed extensions / mime type */
    $ext = strtolower(substr($extension, 1));
    $mimes = get_allowed_mime_types();
    $mime_ok = false;
    foreach ($mimes as $type => $mime) {
    	/* keys look like 'jpg|jpeg|jpe': match a whole extension, not a substring */
    	if (in_array($ext, explode('|', $type), true)) {
    		$mime_ok = true;
    		break;
    	}
    }
    if (!$mime_ok)
    	return false;

    http://wordpress.org/extend/plugins/buddypress-group-folders/

  2. nathanegraham
    Member
    Posted 1 year ago #

    Great work on these additions, Fee.

  3. tianchx
    Member
    Posted 1 year ago #

    Also, we can define some file extensions that can be uploaded to the group file folder. Fee's code can be modified like this (you can define your own permitted file extensions):
    //////////////////////////////
    $ext = substr($extension,1);
    $ext = strtolower($ext);
    /* despite the name, $mimes holds file extensions, not mime types */
    $mimes = array('rar','zip','jpg','gif','pdf','png','bmp','ico','tar','gz','gzip','7z','doc');
    $mime_ok = false;
    if (in_array($ext, $mimes, true)) $mime_ok = true;
    if (!$mime_ok)
    	return false;
    //////////////////////////////////

  4. HansRuedi
    Member
    Posted 1 year ago #

    Hi Rudolf,

    Based on that code would it be possible for you to provide a version with an input field in the gfold backend settings for allowed file extensions?
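
One way to support the configurable extension list asked about in the last post, combined with the checks from the earlier posts. This is an added example, not code from the plugin or from any poster. The `gf_` function names, the setting string, the sample `$core_mimes` array and the choice to intersect the admin's list with the core list are assumptions of this example.

```php
<?php
// Added example, not plugin code. $core_mimes is a constructed sample in the
// shape get_allowed_mime_types() returns ('ext1|ext2' => 'mime/type').
$core_mimes = array(
    'jpg|jpeg|jpe' => 'image/jpeg',
    'png'          => 'image/png',
    'pdf'          => 'application/pdf',
    'zip'          => 'application/zip',
    'doc'          => 'application/msword',
);

// Turn the admin's free-text setting ("jpg, .PDF; zip") into a clean list,
// keeping only extensions the core allowlist also permits (hypothetical helper).
function gf_parse_allowed_extensions($setting, array $core_mimes) {
    $core = array();
    foreach (array_keys($core_mimes) as $key) {
        $core = array_merge($core, explode('|', strtolower($key)));
    }
    $wanted = preg_split('/[\s,;]+/', strtolower($setting), -1, PREG_SPLIT_NO_EMPTY);
    $wanted = array_map(function ($e) { return ltrim($e, '.'); }, $wanted);
    return array_values(array_unique(array_intersect($wanted, $core)));
}

// Compare the whole final extension, case-insensitively; a name without an
// extension is rejected (hypothetical helper).
function gf_extension_allowed($name, array $allowed) {
    $extension = strrchr($name, '.');
    if ($extension === false || $extension === '.') {
        return false;
    }
    return in_array(strtolower(substr($extension, 1)), $allowed, true);
}

// Constructed setting value: 'php' is dropped because the core list lacks it.
$allowed = gf_parse_allowed_extensions('jpg, .PDF; zip php', $core_mimes);

// Constructed sample upload names.
foreach (array('report.PDF', 'photo.jpg', 'shell.php', 'notes.p', 'README') as $name) {
    printf("%-12s %s\n", $name, gf_extension_allowed($name, $allowed) ? 'accept' : 'reject');
}
```

Inside WordPress, core's `wp_check_filetype()` does a comparable whole-extension match against `get_allowed_mime_types()`.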

Topic Closed

This topic has been closed to new replies.
