Not able to restrict other files from uploading in ElFinder

Question

I am using this configuration for my Elfinder to use with CKEditor.

$opts = array(
    // 'debug' => true,
    'roots' => array(
        array(
            'driver'        => 'LocalFileSystem',   // driver for accessing file system (REQUIRED)
            'path'          => '../../uploads/',         // path to files (REQUIRED)
            'URL'           => dirname($_SERVER['PHP_SELF']) . '/../../uploads/', // URL to files (REQUIRED)
            'accessControl' => 'access'  ,           // disable and hide dot starting files (OPTIONAL)
            'uploadAllow' => array('image/jpg', 'image/png'),
            'alias'      => 'Home',
            'mimeDetect' => 'internal',
            'imgLib'     => 'gd',
        ),


    ),


);

However, I am able to upload all the files even PHP files!! I only want images to be uploaded. I am not able to restrict the uploading. Where am I going wrong?

'mimeDetect' => 'internal' means extension based file type checking. So you should be able to upload *.jpg with php content, but you should not enable to upload *.php. — Lajos Veres, Oct 28 '13 at 18:59
I am able to upload PHP.. Like I said. I am able to upload everything!! :/ — Sankalp Singha, Oct 28 '13 at 19:23

Lajos Veres · Accepted Answer · 2015-08-12T20:30:01.560

5

Add:

'uploadOrder'=> array( 'allow', 'deny' )

Without this the default policy is allow if none of them matches.

According to: https://github.com/Studio-42/elFinder/wiki/Connector-configuration-options#wiki-uploadOrder

edited Aug 12 '15 at 20:30

answered Oct 28 '13 at 20:33

Lajos Veres

13,595
7
43
56

Thank you so much for this information!! I thought that that array( 'allow', 'deny' ) was the default value for it. – Sankalp Singha Oct 29 '13 at 12:00

Not able to restrict other files from uploading in ElFinder

1 Answers1