I'm using Mantis 1.2.19 installed automatically through Plesk. I'm configuring Mantis on my server and I'm running into a small issue when testing the attachment uploader. I can't prevent users from selecting filetypes that I defined with $g_disallowed_files.
I followed the example in config_defaults_inc.php and added the following code in config_inc.php:
Code: Select all
# --- Attachments / File Uploads ---
$g_allowed_files = 'png,jpg,jpeg,txt';
$g_disallowed_files = 'php,exe,doc,docx,docm,hta,html,htm,js,jar,vbs,vb,pdf,sfx,bat,dll,tmp,py,msi,msp,com,gadget,cmd,vbe,jse,ps1,ps1xml,ps2xml,psc1,psc2,lnk,inf,scf,reg';
I tried using different variants of code to see if Mantis is expecting a different format.
Code: Select all
# Attempted following the example from config_defaults_inc.php
$g_allowed_files = 'png,jpg,jpeg,txt';
Code: Select all
# Attempted to verify if the file upload dialog box was expecting a period.
$g_allowed_files = '.png,.jpg,.jpeg,.txt';
Code: Select all
# Attempted to verify if the global variable was expecting an array, like $g_bug_report_page_fields does.
$g_allowed_files = array('png','jpg','jpeg','txt');
Code: Select all
# Attempted to verify array declaration
$g_allowed_files = ['png','jpg','jpeg','txt'];
Code: Select all
# Attempted to verify if an array and period is expected.
$g_allowed_files = array('.png','.jpg','.jpeg','.txt');
Code: Select all
# Attempted to use PHP's recommendation for Mime Type restriction
$g_allowed_files = array('image/jpeg', 'image/png', 'text/plain');
Code: Select all
# Attempted to implement filters that other programming languages use.
$g_allowed_files = 'Text files (*.txt)|*.txt|All files (*.*)|*.*';
I also verified that the global variables were available in version 1.2.19. According to
https://mantisbt.org/bugs/view.php?id=1473 the variables have been implemented since 0.17.2.
My next step is to look into file_api.php but I also wanted to check with the forum to see if I'm missing anything. I'm open to suggestions and recommendations. Thank you.