rejetto forum

upload filter

Mars · 10 · 5650


Offline Mars

Rejetto

uploads for hfs.diff.tpl  give  "File name or extension forbidden"   GOOD

but it is possible to overwrite vfs file and hfs.ini by upload          DANGEROUS



Offline Foggy

Rejetto

uploads for hfs.diff.tpl  give  "File name or extension forbidden"   GOOD

but it is possible to overwrite vfs file and hfs.ini by upload          DANGEROUS

You'll manually have to set them in the upload filter, but it couldn't hurt to have *.vfs and hfs.ini default in the filter as well.


Offline rejetto

uploads for hfs.diff.tpl  give  "File name or extension forbidden"   GOOD
but it is possible to overwrite vfs file and hfs.ini by upload          DANGEROUS

the tpl is forbidden by default because it is normal to have such file in an upload folder, to customize it.

if you are able to describe a situation where the user is NOT FOOL and needs to put the vfs/ini inside the upload folder, then i'll consider it ;)


Offline Mars

Quote
if you are able to describe a situation where the user is NOT FOOL and needs to put the vfs/ini inside the upload folder, then i'll consider it

For the vfs / ini: it is possible, by mistake, to put the files of hfs.exe in an unprotected upload folder and to crush the corresponding files for every user, thus the whole server

Quote
the tpl is forbidden by default because it is normal to have such file in an upload folder, to customize it.
On the other hand, it should be possible to upload an hfs.diff.tpl file for the persons authorized by the administrator of the server.

We can envisage a server on which directories are created for every existing type of template, which can be updated remotely to the latest versions by their owner and are read-only for the others.


Offline rejetto

Quote
if you are able to describe a situation where the user is NOT FOOL and needs to put the vfs/ini inside the upload folder, then i'll consider it
For the vfs / ini: it is possible, by mistake, to put the files of hfs.exe in an unprotected upload folder and to crush the corresponding files for every user, thus the whole server

"by mistake" is the way you describe the situation.
my advice is to keep away any gun from your bedside table.

Quote
We can envisage a server on which directories are created for every existing type of template, which can be updated remotely to the latest versions by their owner and are read-only for the others.

that's not exactly what we are aiming to at the moment.


Winxptk

None of this explains how to create a filter....


EXAMPLE:
I want all people who don't have a login to be restricted to uploading a file to only one dir "Public"   {DONE}  No filtering everything except .gif



I want only .gif to be uploaded....how do I do this?


Offline Foggy

I want only .gif to be uploaded....how do I do this?

I think you had to invert the logic with a /
so you should try "/*.gif" in the filter and see if that works.


Offline rejetto

\
not /

this topic wasn't meant to be a guide
the official documentation on how to write filters is here
http://www.rejetto.com/wiki/index.php?title=HFS:_File_masks



Offline Mars

filter for upload is by default  \HFS.*  all files beginning with hfs. are not allowed,

changing this default to * will enable overwriting files like hfs.diff.tpl in a sub folder

Quote
function complyUploadFilter(): boolean;
var
  s: string;
begin
  // a temp file takes the filter mask of the folder it is being uploaded into
  if f.isTemp() then s := f.parent.uploadFilterMask
  else s := f.uploadFilterMask;
  // the user can disable this default filter by inputting * as mask
  if s = '' then s := '\hfs.*';
  result := fileMatch(s, optAnsi(tpl.utf8, conn.post.filename));
  if result then exit;
  data.uploadFailed := 'File name or extension forbidden';
end; // complyUploadFilter
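As an added illustration (not HFS's own code) of the decision the excerpt above makes, here is a simplified Python re-implementation of the upload filter: the default mask `\hfs.*` rejects anything starting with `hfs.`, a mask of `*` disables that protection, and a mask such as `\hfs.*;*.vfs` is one way to also block the vfs file Foggy mentions. It assumes a leading `\` negates the whole mask, `;` separates alternative patterns, and matching is case-insensitive; the sample file names are constructed.

```python
import fnmatch

# Default mask HFS applies when the upload filter is empty (see the
# complyUploadFilter() excerpt): the leading backslash negates the pattern,
# so "\hfs.*" rejects any name that starts with "hfs.".
DEFAULT_UPLOAD_MASK = r"\hfs.*"
FORBIDDEN_MSG = "File name or extension forbidden"


def file_match(mask: str, filename: str) -> bool:
    """Return True if filename complies with the mask.

    Assumptions of this simplified matcher (not HFS's fileMatch):
    - a leading "\\" negates the whole mask,
    - ";" separates alternative patterns,
    - matching is case-insensitive, like the Windows filesystem HFS runs on.
    """
    negate = mask.startswith("\\")
    if negate:
        mask = mask[1:]
    name = filename.lower()
    hit = any(fnmatch.fnmatchcase(name, p.strip().lower())
              for p in mask.split(";") if p.strip())
    return (not hit) if negate else hit


def comply_upload_filter(mask: str, filename: str) -> tuple:
    """Mirror complyUploadFilter(): an empty mask falls back to the default."""
    if mask == "":
        mask = DEFAULT_UPLOAD_MASK  # "*" as mask disables this default filter
    if file_match(mask, filename):
        return (True, "")
    return (False, FORBIDDEN_MSG)


if __name__ == "__main__":
    # Constructed sample upload names, including the files the thread worries about.
    masks = ("", "*", "*.gif", r"\hfs.*;*.vfs")
    names = ("hfs.ini", "HFS.diff.tpl", "server.vfs", "photo.gif")
    for mask in masks:
        for name in names:
            ok, msg = comply_upload_filter(mask, name)
            print(f"mask={mask!r:16} {name:14} -> {'allowed' if ok else msg}")
```

Note that the default mask does not stop an upload named `server.vfs`, which is exactly why the thread suggests adding `*.vfs` to the filter by hand.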