Restricting File Uploads by Type

[baldguy]

Using CMSMS 1.9.2

Is there any way to restrict the types of files that can be uploaded in the Image Manager (and by extension, the File Manager)?

It seems that only image files will display in the Image Manager, but you can upload any file type in both the Image and FIle Manager, including .exe files.

The only control I can see is in Group Permissions, where I can assign Modify FIles to "yes" or "no". I would like to be able to allow a user to upload a file when they are adding/modifying a page, but restrict it to a .jpg, .png, .pdf, or .doc. Am I missing a setting somewhere that specifies this?

Thanks!

[jmcgin51]

I don't believe you can restrict by filetype for the core File Manager or Image Manager. If you use the Uploads module, you can restrict the file types that a user can upload. IIRC, you can create a "master" list of allowed file types in the admin, and then you can further restrict front-end uploads by specifying the allowed types in the front-end upload form itself.

[baldguy]

Thanks for the heads-up on that module. It looks like it might do the trick, although it would be nice to have the option to disable the Time Limited Access (not necessary for what I want to do).

What I'm trying to do is to set up a demo site that my clients and prospective clients can use to try out the system (with the configuration and modules that I've preset). I'd like them to be able to upload an image to see how easy it is, but I don't want them to upload a malicious file and execute it.

Maybe instead I'll just put a few sample items in the uploads/images folder and restrict the upload privileges. Would make my life easier!

[jmcgin51]

Time Limited Access is an optional feature of the Uploads module, not something you have to make use of.