Allow to upload only images

  • Resolved desert333

    (@desert333)


    8 years, 2 months ago

    As per title, in ninja firewall there is option to enable/disable uploads.

    Do you have or can make security options to allow only images (we can specify which images like only – JPG JPEG GIF PNG) to be uploaded (maybe by adding deny allow values in htaccess for specific images allowed to be uploaded). All other files including scripts, php, ELF, binaries, css, js, htaccess, etc. are disabled.

    – There must be also security check “getimagesize” to validate if this is image or not, then drop the file if this is not picture

    – malware/virus scan of uploaded images on the go

    – other security options for image related uploads

    Thanks

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    We do not plan to add such features in the WP Edition because in the premium WP+ Edition of NinjaFirewall, there is already the possibility to allow uploads but to reject dangerous files such as scripts (PHP, CGI, Ruby, Python, bash/shell, C/C++ source code), ELF (Unix/Linux binary files) and system files (.htaccess, .htpasswd and PHP INI). The WP+ Edition will also soon have an option to forward uploaded files to a script (it could be an antivirus or any kind of script or program).

    If you want to be sure uploaded files are images, you should probably reprocessed the file, change its name and save it instead of the original one.
    Note that using getimagesize is very easy to bypass, so I would not recommend to rely on it.

Viewing 1 replies (of 1 total)
  • The topic ‘Allow to upload only images’ is closed to new replies.