Allowed file types not working in moodle 3.9?

Allowed file types not working in moodle 3.9?

by Paul Lindgreen -
Number of replies: 8
Picture of Particularly helpful Moodlers

I tried restricting mp3 uploads by deleting the mp3 file type under Server->File types , but I can still upload mp3 as a teacher or admin. Am I doing something wrong? I expected to receive a warning after 'choose file'  in the first step?

environment: moodle3.9/windows2016/IIS/php7.3




Average of ratings: -
In reply to Paul Lindgreen

Re: Allowed file types not working in moodle 3.9?

by Paul Lindgreen -
Picture of Particularly helpful Moodlers
the restriction appears to only apply to submitted assignments, not course material uploaded by a teacher.
Average of ratings: -
In reply to Paul Lindgreen

Re: Allowed file types not working in moodle 3.9?

by Paul Lindgreen -
Picture of Particularly helpful Moodlers
I tried mp4 as well and got the same results.

Is there any method to prevent all users from uploading mp4 files to moodle?

We would like to disable mp4 for instance as we want users to use our streaming service, vimeo or youtube. Many larger files of mp4/m4a/pptx also throw a lot of 500 errors on our server for some unknown reasons too (should this post be in a different section related to performance instead of security?)
Average of ratings: -
In reply to Paul Lindgreen

Re: Allowed file types not working in moodle 3.9?

by Paul Lindgreen -
Picture of Particularly helpful Moodlers
after revisiting this feature I can submit Assignment that are mp4 even though the filetype was deleted here /admin/tool/filetypes/index.php

my only restriction is in the Assignment settings for file types, I cannot enter .mp4 as a teacher (see screenshot). But I can leave it blank which will then allow students to submit mp4. If I select Video mp4 is not in the list.

I cannot see significant benefit of deleting File types at the system level if a student and teacher can submit those file types?
mp4
Average of ratings: -
In reply to Paul Lindgreen

Re: Allowed file types not working in moodle 3.9?

by Paul Lindgreen -
Picture of Particularly helpful Moodlers
the hack at the following link appears to work, small code addition.
An array of acceptable filetypes is provided and a nice pop up warning occurs if you try to upload something not in the list
https://moodle.org/mod/forum/discuss.php?d=278392
Average of ratings: -
In reply to Paul Lindgreen

Re: Allowed file types not working in moodle 3.9?

by Eva Koperdakova -
Hello,
I have experienced the same issue. Moodle docs say that I can modify accepted file types using Home|Site administration|Server|File types, but removing all video filetypes does not work, teachers are still able to upload video files.
Is old "hack" working for 3.9?
What happens when you update moodle (security, as 3.9 is LTS)? Have to modify moodle/repository/upload/lib.php each time after update?
Average of ratings: -
In reply to Paul Lindgreen

Re: Allowed file types not working in moodle 3.9?

by Randy Thornton -
Picture of Documentation writers
The File types has nothing to do with permissions to upload. It is simply the list of standard MIME types so that your browser and Moodle then know what type of file it is (text, html, image, video, etc.) The official standard list is here: https://www.iana.org/assignments/media-types/media-types.xhtml.

This setting in Moodle is primarily useful if you have some file type that may not be listed already, for example, file types from content companies or other education specific file types not in general use, so that you can then configure Moodle how to handle it.

Removing a file type from the list does not prevent its being uploaded, it only makes it harder for the browser and Moodle to know the file type and handle it appropriately by invoking the proper type of viewer or player.

To control upload in Moodle you need to find the settings where it is being uploaded to restrict those, if you can. The one place you can do this currently is in Assignment for student submissions. A site-wide ability to handle this has been proposed but not completed, see Tracker MDL-44392 and this as well MDL-54716 for control of all student uploads.

The only way to restrict file type uploads globally in all of Moodle that I know if is to configure your web server and/or PHP to reject certain file types.
Average of ratings: Useful (1)
In reply to Randy Thornton

Re: Allowed file types not working in moodle 3.9?

by Eva Koperdakova -
Thank you for response. I figured it out, but it was not that clear when reading https://docs.moodle.org/400/en/Manage_file_uploads
I am aware of possible restrictions toward students. I know teacher is able to reduce file types for students regarding file upload in activities.

Unfortunately, I am an administrator, not teacher. I have some "misbehaving" users - teachers uploading heaps of 50MB videos (lectures) directly to moodle and it adds together about 10GB in single course. So the course is huge. Not only one.
Of course they have instructions where to store video files, written guides... but academics often think, they're clever and do not listen to what administrators say.
Average of ratings: -
In reply to Eva Koperdakova

Re: Allowed file types not working in moodle 3.9?

by Randy Thornton -
Picture of Documentation writers
Eva,

Having been both an academic and an administrator, I know exactly what you mean. There are no good tools to manage files internally in Moodle, not even good reports to know who is uploading what when and where.

I will add one more thing to the original post:

if you actually delete a file type from the Server > File types list, then it will REMOVE that option from the list of files that you can set as Allowed in the Assignment file uploads (in Site admin > Plugins > Activity modules > Assignment > File submissions > Default accepted file types.) The File submission list draws from the Server file type list. You can confirm this yourself by deleting one of the types and see that it no longer appears on that list for Assignment file submissions.

So you should not delete items from the File types list if you plan to actually allow or block those on student uploads for Assignments. If you insist on deleting one, I would advise documenting its settings before you do so, in case you later need to add it back.
Average of ratings: -