[UNSOLVED] File types allowed in forum post attachments
Posted:
Jul 7th, '11, 11:06
by wobo
I tried to attach a related log file to a post in
viewtopic.php?f=15&t=725 - it did not work - file type was not allowed. So I looked in the forum settings in the ACP and found out that the only file types allowed are for images and archives. No plain text at all! Forbidden are such endings like ".txt" or ".log".
It is quite normal that certain file types are not allowed for the sake of security and as a measure against people trying to supply illegal downloads. This goes without question (so why are archives allowed?). But plain text files such as config files, log files, etc. often are essential to show the problem and as essential for helpers to be able to pin-point the problem and to find a solution.
It is very easy to change that for an admin: In the ACP open the tab for "Posts", then open "File Type Management". A few mouse clicks, done. I needed just 5 seconds to find it.
Should I file a bug report about this or should I report the post to the admin?
Re: File types allowed in forum post attachments
Posted:
Jul 7th, '11, 16:55
by Max
Report the post to the admin, preferably in a PM.
This will ensure a faster response.
Re: File types allowed in forum post attachments
Posted:
Jul 7th, '11, 17:01
by doktor5000
That was a really good one. The same fast response he gives on PMs on other topics?
Then let's wait some weeks ...
Re: File types allowed in forum post attachments
Posted:
Jul 7th, '11, 19:25
by wobo
I used the little icon with the question mark which sends the report straight to the admin. As reason for the report I gave "I want to bring this request to your attention."
Max wrote:Report the post to the admin, preferably in a PM.
This will ensure a faster response.
LOL! Last PM I sent to the admin was in April 5th - still no reply. So I prefer to ring the official alarm. I used the little icon with the question mark which sends a report straight to the admin. As reason for the report I gave "I want to bring this request to your attention."
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 21:05
by maat
txt plain text is disabled by default phpbb config because text can be pasted into post area (better in [ code ] markup) so that people can see them without needing to download a file.
of course the log and txt files can be unlocked... but the benefits of the thing are not obvious for me at the moment.
I'm unlocking them but i'd be happy to understand why one would prefer to attach txt files instead of letting them in the post so that users can read them without additional handling step
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 21:12
by isadora
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 21:29
by wobo
maat wrote:txt plain text is disabled by default phpbb config because text can be pasted into post area (better in [ code ] markup) so that people can see them without needing to download a file.
of course the log and txt files can be unlocked... but the benefits of the thing are not obvious for me at the moment.
I'm unlocking them but i'd be happy to understand why one would prefer to attach txt files instead of letting them in the post so that users can read them without additional handling step
Of course, short pieces of config files or logs are better posted in code tags.
But the case which brought me to the request was the need to post a complete ~/.xsessions-error log file, which is quite long and only interesting for people who possibly know how to help / what to look for. Same goes for other long log files. Reading them in a large editor window is better than scrolling down hundreds of lines in a small code block. That was my main reason.
So, allowing .log would be enough.
BTW: Don't you think that allowing flash videos as attachments is a security risk? They are disabled by default in the phpbb3-Version we are using at MandrivaUser.de and I did not open that one there
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:04
by maat
flash can be harmful and i'd not have allowed it so easily as i did for txt/log
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:25
by wobo
You are quite right but I have a reason to ask this.
You say that your settings in the phpbb3 installation of Mageia are standard phpbb3. Is that right? Because they differ totally from the settings in the German forum. I swear to all bibles you can bring in that I did not touch these settings! They were like this from installation on. So, either the German forum was not installed from the same source as the English forum or something "magic" happened to the settings in the English forum (I know that nothing was done to the settings in the German forum).
Be aware that ALL of the following file types are ALLOWED in the German forum, which is a potential security risk.
Code:
gif
jpeg
jpg
png
tga
tif
tiff
7z
ace
bz2
gtar
gz
rar
tar
tgz
torrent
zip
c
cpp
csv
diz
h
hpp
ini
js
log
txt
xml
ai
doc
docm
docx
dot
dotm
dotx
odg
odp
ods
odt
pdf
ppt
pptm
pptx
ps
rtf
xls
xlsb
xlsm
xlsx
ram
rm
wma
wmv
swf
3g2
3gp
m4a
m4v
mov
mp4
qt
mp3
mpeg
mpg
ogg
ogm
From your words "this is standard" I thought that it would be the same in the German forum. It's not, as you can see. Now I wonder what other "standards" of the English forum are different in the German forum...
I'll spend tomorrow in the German ACP and look at the settings.
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:32
by maat
good question. side effect of puppet install ? in all cases it deserves at least an investigation !
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:33
by wobo
Yes, will do tomorrow, a walk in the ACP...
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:35
by wobo
How can I look in the English ACP to compare settings?
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:41
by maat
i'll compare settings
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:48
by wobo
No need to!
Sorry to upset everybody! I made a mistake today - I looked in the wrong place. I only looked in the list of KNOWN filetypes, not in the list of ALLOWED groups/types.
So, the correct status is set. I only added log and txt and pdf (which does not seem to be a security risk).
Sorry, my fault!
Re: File types allowed in forum post attachments
Posted:
Jul 12th, '11, 22:51
by wobo
So, this thread can be marked as "solved"
Re: [Solved] File types allowed in forum post attachments
Posted:
Nov 26th, '11, 01:08
by doktor5000
@maat: It would be nice if you could also enable attachment of .conf files, like xorg.conf,
which is also quite lengthy and more convenient for users to upload the whole file
than copy&paste content and using code-Tags for it.
Re: [SOLVED] File types allowed in forum post attachments
Posted:
Nov 26th, '11, 19:15
by maat
Done iinm
Re: [SOLVED] File types allowed in forum post attachments
Posted:
Feb 23rd, '12, 16:57
by doktor5000
Need to pull this up again, seems still not solved for .log files, f.ex. take a look at:
viewtopic.php?p=14051#p14051 (and subsequent posts)
Another reason would be that the code-tags only allow for a certain amount of text, posting a bigger log file into there is possible,
but the part which is too much is just stripped without a notification IIRC. So bigger log files or config files need to be attached.
Re: [SOLVED] File types allowed in forum post attachments
Posted:
Mar 14th, '12, 16:31
by Max
We should mark this unsolved.
Apparently since svg files are plain text (xml) they are not allowed.
Re: [SOLVED] File types allowed in forum post attachments
Posted:
Mar 14th, '12, 17:19
by doktor5000
Well, for that it would be in general interesting to know if the forum software only respects a list of filename extensions,
like .txt, .log, .conf or if internally it uses something like magic/libmagic (http://linux.die.net/man/5/magic)
Re: [UNSOLVED] File types allowed in forum post attachments
Posted:
Mar 22nd, '12, 15:28
by maat
.svg added for images
And file max size is currently 1M... i can extend it but 1M log file seems to me something rather large
what do you think ?
Re: [UNSOLVED] File types allowed in forum post attachments
Posted:
Mar 22nd, '12, 21:46
by Max
maat wrote:.svg added for images
No good with the svg.
It was not possible to determine the dimensions of the image.
And that's weird because the dimensions are explicitly given in the file.
Code:
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="214"
height="300"
id="svg2"
version="1.1"
inkscape:version="0.48.1 r9760"
sodipodi:docname="New document 1">
Re: [UNSOLVED] File types allowed in forum post attachments
Posted:
Mar 23rd, '12, 00:12
by doktor5000
OK, what about .conf and files with no extensions, as /var/log/cups/error_log ?
Can this size limit only be adjusted globally for all filetypes?
Re: [UNSOLVED] File types allowed in forum post attachments
Posted:
Mar 23rd, '12, 00:19
by maat
Without a hack the size is a global parameter...
And files without extension will be problematic...
Re: [UNSOLVED] File types allowed in forum post attachments
Posted:
Mar 23rd, '12, 20:10
by doktor5000
My previous question was not answered yet, but would be helpful)
Well, for that it would be in general interesting to know if the forum software only respects a list of filename extensions,
like .txt, .log, .conf or if internally it uses something like magic/libmagic (http://linux.die.net/man/5/magic)
Can you whitelist particular filenames or only extensions, or how is this handled?
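
The distinction asked about above, an extension allowlist versus content inspection in the style of magic(5), shown as an added example that is not part of the thread and is not phpBB's code. The policy, the function names and the sample inputs in the comments are assumptions made for illustration.

```python
import os

# Assumed policy for illustration; not the forum's actual configuration.
ALLOWED_EXT = {"txt", "log", "conf", "svg", "png", "zip"}
TEXT_EXT = {"txt", "log", "conf"}   # extensions that must hold plain text
MAX_BYTES = 1024 * 1024             # the thread mentions a global 1M limit

# A few well-known leading signatures, the kind of rule magic(5) encodes.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
    b"\x7fELF": "elf",
}

def sniff(data: bytes) -> str:
    """Classify content by its bytes, ignoring the filename."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    try:
        text = data.decode("utf-8")   # non-UTF-8 logs count as binary here
    except UnicodeDecodeError:
        return "binary"
    if "\x00" in text:
        return "binary"
    head = text.lstrip()[:512].lower()
    if head.startswith("<?xml") or head.startswith("<svg"):
        # SVG is XML text, so it needs its own check before "text"
        return "svg" if "<svg" in head else "xml"
    return "text"

def check_upload(filename: str, data: bytes):
    """Return (accepted, reason): extension allowlist first, then content."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if not ext:
        return False, "no extension"   # e.g. error_log: nothing to look up
    if ext not in ALLOWED_EXT:
        return False, "extension not allowed"
    kind = sniff(data)
    expected = "text" if ext in TEXT_EXT else ext
    if kind != expected:
        return False, f"content is {kind}, not {expected}"
    return True, "ok"
```

An extension-only check would stop after the allowlist lookup; the content step is what catches a file whose name and bytes disagree.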