widelands-dev team mailing list archive
Mailing list archive
Re: [Merge] lp:~widelands-dev/widelands-website/pybb_attachments into lp:widelands-website
Currently there is no restriction on file types. The problem is that a file may not contain what the extension says it should be. Everyone can rename 'image.js' into 'image.png'...
A list of allowed extension do not suffer. I'll try to implement some checks for validating a files type and probably an 'allowed extension list'.
What about restricting uploads to users who have written x posts prior? From my side this can be implemented.
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/pybb_attachments into lp:widelands-website.