Hi,
I've changed the _config.php files and added few lines so that we can't upload html files
$extensions = array_diff(File::config()->allowed_extensions, array('html', 'htm', 'xhtml', 'xml'));
Config::inst()->remove('File', 'allowed_extensions'); // Prevents config from merging the old array
Config::inst()->update('File', 'allowed_extensions', $extensions);
Config::inst()->update('File', 'apply_restrictions_to_admin', true);
But despite adding these lines I can still upload them into assets.
In the frontend when I add an html file it says "Extension is not allowed (valid: ace, arc, arj, asf, au, avi, bmp, bz2, cab, cda, css, csv, dbf, dmg, doc, docx, dotm, dotx, flv, gif, gpx, gz, hqx, ico, jar, jpeg, jpg, js, kml, m4a, m4v, mid, midi, mkv, mov, mp3, mp4, mpa, mpeg, mpg, ogg, ogv, pages, pcx, pdf, pkg, png, potm, potx, pps, ppt, pptx, prj, ra, ram, rm, rtf, shp, shx, sit, sitx, swf, tar, tgz, tif, tiff, txt, wav, webm, wma, wmv, xls, xlsx, xltm, xltx, zip, zipx)"
Not sure why its still allowing me to upload html files to asset/uploads.
Any help would be appreciated.
Thanks,
Mithun.