Not exactly an issue, but rather a suggestion, related to this issue. How about we disallow HTML/JS for upload completely? I can't see any compelling reason for them to be there in the first place.
I'm proposing something like this for mod/ojt/uploadfile.php:
Not exactly an issue, but rather a suggestion, related to this issue. How about we disallow HTML/JS for upload completely? I can't see any compelling reason for them to be there in the first place.
I'm proposing something like this for mod/ojt/uploadfile.php:
$fileoptions['accepted_types'] = array( 'video', 'audio', 'archive', 'spreadsheet', 'presentation', 'document', 'image', );