uploaded is not allowed
Start Topic
hamid

uploaded is not allowed

By hamid on Jun 25, 2012 at 6:41 AM 4 Vote 0 Votes

hi
when i want to upload a file that not ziped this message Is shown

An error occurred
The file(winrar.exe) you uploaded is not allowed.

Whether there is a setting to do?
thanks for help

Reported on Movable Type 5

4 Replies

| Add a Reply
  • Mihai Bocsaru
    Mihai Bocsaru | June 25, 2012 10:02 AM | Reply

    Hi Hamid,

    Since movable type v4.361, v5.051 and v5.11 Six Apart introduced a mechanism which to prevent the upload of a specific set of file names.

    The extensions that are not allowed are listed inside this file:
    /lib/MT/Core.pm

    From within your movable type installation folder.

    To give you a sample, movable type v5.14 black lists the following extensions:

    ascx,asis,asp,aspx,bat,cfc,cfm,cgi,cmd,com,cpl,dll,exe,htaccess,htm,html,inc,jhtml,js,jsb,jsp,mht,mhtml,msi,php\d?,phps,phtm,phtml,pif,pl,pwml,py,reg,scr,sh,shtm,shtml,vbs,vxd,pm,so,rb,htc

    To still allow the upload of files ending in .exe you would have to add to your movable type installation 'mt-config.cgi' file the following directive:

    DeniedAssetFileExtensions ascx,asis,asp,aspx,bat,cfc,cfm,cgi,cmd,com,cpl,dll,htaccess,htm,html,inc,jhtml,js,jsb,jsp,mht,mhtml,msi,php\d?,phps,phtm,phtml,pif,pl,pwml,py,reg,scr,sh,shtm,shtml,vbs,vxd,pm,so,rb,htc

    Which is basically the complete list of extensions from "Core.pm", excepting the .exe one.

    While you could set this directive to overwrite the default list of banned extensions, what I would do is to not touch that, but to archive .exe files and upload their .zip corresponding files.

    You could read more about the "DeniedAssetFileExtensions" configuration directive here:

    http://www.movabletype.org/documentation/appendices/config-directives/deniedassetfileextensions.html

    Kind Regards,
    Mihai Bocsaru

    ----------------------------------
    Daily Movable Type Consultant

    Web Development
    Movable Type Consulting
    Six Apart Partner

    http://www.pro-it-service.com/
    ----------------------------------

    Movable Type Demo
    http://www.movabletypedemo.org/

  • Mihai Bocsaru
    Mihai Bocsaru | June 25, 2012 10:08 AM | Reply

    As an alternative to "DeniedAssetFileExtensions" you may like to consult this other directive:

    http://www.movabletype.org/documentation/appendices/config-directives/assetfileextensions.html

    This other directive is for white listed files types.

  • hamid
    hamid | June 27, 2012 9:05 PM | Reply

    thanks mihai

  • Mihai Bocsaru
    Mihai Bocsaru | June 27, 2012 10:30 PM | Reply

    You're welcome, Hamid!

Add a Reply

If you need to share template code, replace all the "<" signs with "&lt;" or use this utility.

Forum Groups

code.sixapart.com

137 479

Last Topic: Getting a thumbnail with xpath by Peter on Mar 13, 2011

238 797

Last Topic: Manifest Schema Compatibility Issue When Restoring Blog by Matt on Oct 17, 2012

1858 6594

Last Topic: Categories and Basename Publishing Issues by e21media on Oct 25, 2012

88 307

Last Topic: absolute publish date in Manage Entries screen by .mau. on Apr 18, 2012

1488 5347

Last Topic: Anti-cloning by .mau. on Oct 29, 2012

732 3093

Last Topic: Blog moved server - now users cannot access blog? by mowgs on Oct 30, 2012

89 317

Last Topic: How to "pretify" a url in htaccess with a few wildcards by Caio on May 30, 2012

183 771

Last Topic: Commenting with TypePad by Rob Ferrara on Oct 17, 2012

212 680

Last Topic: Does MT-Approval work in MT5? by DLpres on Sep 25, 2012

27 100

Last Topic: Upgrading MT by Caio on Oct 15, 2012

49 224

Last Topic: Movable Type 6 Ideas by Caio on May 28, 2012

65 248

Last Topic: Expanding new rich text editor and implementing table function by Takeshi Nick Osanai on Jul 30, 2012