In Moodle 1.9.7, is it possible to somehow specify a white-list of the allowed extensions for the user uploaded files?
A:
Looking at the source, there is no built in way to limit filetypes when modules use the upload_manager to process the uploaded files. There also is no use of any mimetype detection based on content of the files. The filelib libraries in moodle base their mimetype on file extension.
A neat way to do this for a module while is using the moodle upload manager object, would be to write a new class which extends the existing upload_manager class, and add some validatation based on file content.
Something like the following - you'll need to tidy this up a bit, and complete it with your own validation code.
class upload_manager_strict extends upload_manager {
var $allowed_types
function upload_manager_strict($inputname='', $deleteothers=false, $handlecollisions=false, $course=null, $recoverifmultiple=false, $modbytes=0, $silent=false, $allownull=false, $allownullmultiple=true, $allowed_types=null) {
$this->allowed_types = $allowed_types;
parent::upload_manager_strict($inputname, $deleteothers, $handlecollisions, $course, $recoverifmultiple, $modbytes, $silent, $allownull, $allownullmultiple)
}
function validate_file(&$file) {
$status = parent::validate_file(&$file);
if ($status) {
// do some mimetype checking and validation on the file $file['tmp_name']
// could use $this->allowedtypes
}
return $status;
}
}
digitalsean
2010-07-15 14:27:37