Upload files without restriction of extension

Last post 12-12-2008, 2:47 AM by Kai2. 5 replies.
Sort Posts: Previous Next
  •  12-09-2008, 2:15 AM 46672

    Upload files without restriction of extension

    Hi all,
     
    in CuteSoft_Client\CuteEditor\Configuration\Security\Default.config section '<security name="DocumentFilters">'I could define which file types are allowed to upload. By default these are .txt, .doc, .pdf  etc. In my Intranet application I don't want to restrict the files to be uploaded so I want to accept every file. With CuteEditor 6.0 I just deleted the existing <item>-entries and added new ones like these: <item>a</item>, <item>b</item>, <item>c</item>.... With CuteEditor 6.2 this does not seem to work anymore. So how could I allow uploading all files?
     
    Thanks
    Kai

    .net Framework 4.0 / ASP.net / VB / CuteEditor 6.7 / SQL 2005
    Filed under: ,
  •  12-09-2008, 9:07 AM 46680 in reply to 46672

    Re: Upload files without restriction of extension

    Kai,

    >>So how could I allow uploading all files?

    No, we don't allow upload all types of files.

    We have an internal files type array which contains all the files allowed to upload.  Even you add <item>.myfiletype</item> into the security policy file, this file type will be restricted if it's not in that array.

    We don't want cute editor used as a hacker tool because the file upload function is so powerful.
     
    We suggest you use FTP to upload those files.  

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  12-09-2008, 9:19 AM 46682 in reply to 46680

    Re: Upload files without restriction of extension

    Hi Adam,
     
    I guess there is a misunderstanding. I don't want YOU to allow uploading all files on your site (cutesoft.net). 
     
    I want to allow my users in my intranet to upload all files they want. So there is nothing you have to worry about. I only need to know how I could configure my CuteEditor to allow uploading all files. FTP is not an option ;-)
     
    Thanks
    Kai

    .net Framework 4.0 / ASP.net / VB / CuteEditor 6.7 / SQL 2005
  •  12-11-2008, 6:50 AM 46804 in reply to 46682

    Re: Upload files without restriction of extension

    Hi Adam,
     
    any news?
     
    Thanks
    Kai

    .net Framework 4.0 / ASP.net / VB / CuteEditor 6.7 / SQL 2005
  •  12-11-2008, 1:01 PM 46823 in reply to 46682

    Re: Upload files without restriction of extension

    1. No, we don't allow upload all types of files to prevent cute editor used as a hacker tool because the file upload function is so powerful.

    We have an internal files type array which contains all the files allowed to upload.  Even you add <item>.myfiletype</item> into the security policy file, this file type will be restricted if it's not in that array.
     
    2. In the next version, we will add an option to turn this feature off so you can upload any file type you like.

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  12-12-2008, 2:47 AM 46846 in reply to 46823

    Re: Upload files without restriction of extension

    Hi Adam,
     
    ok, thanks for clarification, even though that's sad news :-( and I don't understand: If the customer wants to allow all files I find it strange that the tool forbids it.... ?
     
    1. However, is it possible to get the list of restricted file types so I can judge whether I want to deploy 6.2? I don't want to get in trouble with my customer when I implement 6.2 and they want to upload e.g. a Javascript file but this is forbidden.
    2. Do you already have a rough schedule when the new version will be available?
     
    Thanks
    Kai
     
    P.S. If you don't want to publish this list via Forum please feel free to send via Email.

    .net Framework 4.0 / ASP.net / VB / CuteEditor 6.7 / SQL 2005
View as RSS news feed in XML