Closed markstuart closed 4 years ago
How easily could this be adapted to enforce a whitelist, instead of a blacklist?
How easily could this be adapted to enforce a whitelist, instead of a blacklist?
I imagine that wouldn't be too difficult now that the structure is in place for determining the mimetypes and extensions. The mimetype extension configuration could still be useful for that as well. I guess you'd have another config item that defined the whitelist and if it was provided you'd block by default unless the file extension or mime type was in the whitelist.
However, our client specifically asked for blacklisting functionality given the fairly wide range of file formats that users provide, if you're keen you could throw up a PR once this one is merged?
This feature tightens up the types of allowed files for resource uploads by excluding .exe files.
It provides user feedback if the uploaded file is blacklisted.
See README changes for more information.