Hi
I would like to restrict the permitted upload file
types to a certain white list of my own, not the default one by moodle
I don't mean a certain component or course - I mean the moodle site.
I don't want to allow anyone to ever upload any file type that is not in my
whit list.
and this is regardless if the user is an administrator role or other.
is there anywhere in the administration menus I can config that ? there must be a place for that.
I'm using moodle 2.7
I don't mean only a certain component or course - I mean the entire moodle site , which includes all courses and components.
everything.
anyone ?
There's no facility for that.
There's an open tracker for this in Assignment - https://tracker.moodle.org/browse/MDL-39913
As a matter of interest, why? Perhaps there's another way to resolve your underlying problem!
the reason is because it's a giant security loophole.
a white list of accepted file types of my choosing MUST be a default.
and I can't use any system administrator to do it, it must be done either in the administrator panel or by PHP code and I"m a programer
"It's a giant security loophole" isn't a reason. It's an opinion (your opinion)
It's not a problem for any of the other thousands of Moodle users. Perhaps you might like to expand on your reasoning a little?
There's a new user interface in Moodle 2.9 for specifying file types (Site admin > Server > File types). It doesn't do what you want but it would be the place for it to go if it did. Perhaps you could develop/propose an extension to this? A tracker report is the place to start.
Oh, and please refrain from posting the same question in three different forums
sure, I'll elaborate:
I want to prevent scenario in which a malicious file is uploaded by a certain user and then downloaded by another.
when I let each assignment/plugin/mod define which file types can be uploaded - this scenario might happen if there configuration is loose and permits uploading .exe files for example.
I feel I have the responsibility of protecting my moodle users from these harmful files and I want to prevent the above.
and not all anti viruses can detect malicious files like the one I'm afriad of.
where can I read about the file types option in the new user interface in moodle 2.9 ?
is there a way to have this in moodle 2.7.5 too ?
sorry for posting in other forums, I'll try to keep this thread non code and user interface only.
Firstly, I've never heard of this being a real problem (and I've heard a lot of Moodle problems) so please consider if you are just being paranoid. Other than that, I can imagine situations where you might be paranoid for good reason.
I also don't recall this being discussed before. The new feature I mention is simply to control the mimetypes of all the supported files, not to control them in any way. However, it seems (to me) to be a logical place to also apply a global filter to file types if one was going to. The tracker report for the development is this - MDL-42616
What you are talking about is a new feature regardless, so I would start by raising a new tracker report outlining your proposal.
On the subject of multiple forum postings, I appreciate it's not always easy to choose the best one. However, I would choose the best fit and we'll move it later if the direction changes. The problem is that if you start multiple threads you get fragmented replies and confusion rules.
One reason we'd like a restriction for certain assignments is so teachers can utilize the Annotate PDF feature in Moodle. We do ask kids to submit PDFs for essays but then you get those few who forget to convert, which wastes teacher time. Some type of restriction for "PDF required" would be a nice reminder for students.
+1 for this option, this is one of the basic needs for all websites, I don't understand why its still not implemented!.
If someone could point it out where to add the code it will be more helpful for time being.
or if we can put in config.php like $CFG->accepted_types ..?
