By godo on
I would like to permit authenticated users to upload all types of files, not only: jpg jpeg gif png txt html doc xls pdf ppt pps. They can upload ".bashrc", ".emacs", etc., too.
I have tried to write in that option this:
Permitted file extensions: *
Permitted file extensions: "empty"
but authenticated users cannot upload "all types of files". Is it possible? What can I do to permit all?
Thanks.
--drupal 4.6.3
Comments
Same problem.
I have the same question. The attachment module will allow you to upload a file of any type.
However, the attachment module has the tradeoff of being unable to transfer files through Drupal, so they can be accessed without logging in.
change line 187 of
change line 187 of modules/upload.module from
if (!preg_match($regex, $file->filename)) {
to
if (!preg_match($regex, $file->filename) && $extensions != '*') {
Now, the asterisk will function as a wildcard for allowing any file extension.
4.7.0 Line 293
// $Id: upload.module,v 1.100 2006/04/27 19:32:54 unconed Exp $
The nearest match I could find is line 293 of upload.module in Drupal 4.7.0.
I've applied the patch and it appears to work OK.
I hope you trust those users
I hope you trust those users, as they might be able to run code on your server (although the created .htaccess mitigates the issue somewhat for certain Apache configurations).
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
Works in Drupal 5.3
Thanks for this good idea. I just found and patched the same line in Drupal 5.3, and it seems to work just fine.
Should be part of the Drupal core, I think.
Hans-Georg
Bad Idea
This is a very bad idea (<nuance>depending on who your users are</nuance>).
They can use the ability to upload all file types by uploading HTML and executing a cross-site scripting attack. Or, if going the easy route to harm, they can upload .rb, .py, .php5 or other files that are happily executed by the webserver.
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
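One way to keep the `*` wildcard from the patch above while addressing the concerns raised in the replies, as an added example that is not from the thread or from Drupal. `safe_upload_name()` and `RISKY_SEGMENTS` are hypothetical names, and the segment list is an assumed, non-exhaustive blocklist.

```php
<?php
// Added example, not Drupal code: safe_upload_name() and RISKY_SEGMENTS are assumptions.

// Name segments a web server may execute or a browser may render as active content.
const RISKY_SEGMENTS = ['php', 'php5', 'phtml', 'pl', 'py', 'rb', 'cgi', 'asp',
                        'html', 'htm', 'js', 'svg', 'htaccess'];

/**
 * Return the name to store an upload under, or null if its extension is not permitted.
 * $extensions is the space-separated "Permitted file extensions" value; '*' permits any.
 */
function safe_upload_name(string $filename, string $extensions): ?string
{
    // Drop control characters, then keep only the final path component.
    $name = preg_replace('/[\x00-\x1f]/', '', $filename);
    $name = basename(str_replace('\\', '/', $name));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    $parts = explode('.', $name);      // index 0 is the text before the first dot
    $last = count($parts) - 1;

    // Explicit list: the final extension must be on it. '*' skips this check only.
    if ($extensions !== '*') {
        $allowed = preg_split('/\s+/', strtolower(trim($extensions)), -1, PREG_SPLIT_NO_EMPTY);
        $ext = $last > 0 ? strtolower($parts[$last]) : '';
        if (!in_array($ext, $allowed, true)) {
            return null;
        }
    }

    // Apache may act on any segment (file.php.jpg), so neutralize every risky one.
    $tail = '';
    for ($i = 1; $i <= $last; $i++) {
        if (in_array(strtolower($parts[$i]), RISKY_SEGMENTS, true)) {
            $parts[$i] .= '_';
            if ($i === $last) {
                $tail = '.txt';        // a neutralized final segment is stored as text
            }
        }
    }
    return implode('.', $parts) . $tail;
}

// Constructed sample names, including the dotfiles the original poster wants to allow.
foreach (['.bashrc', 'notes.pdf', 'tool.php5', 'photo.php.jpg', '.htaccess', '../x/page.html'] as $n) {
    printf("%-16s -> %s\n", $n, safe_upload_name($n, '*') ?? '(refused)');
}
```

Renaming only reduces what the server and browser will act on; because the list is not exhaustive, the protective .htaccess mentioned in the replies still matters.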