davidir
Forum Replies Created
Hi Patrick,
Thanks for the reply. It was easy to reproduce, but if you didn’t reproduce it, that could be 1) an external issue due to other plugins, 2) from the WP 5.5.1 version, 3) something related to the security, or 4) from the server configuration. At this stage I can’t give you more information.
We had to put some code in the front-end code to prevent those extensions from being selectable. At this point I don’t know how to move forward with this. Any extra ideas?
We applied your solution and it’s working now.
Do you have it in your roadmap to change this to something more stable and more flexible, so that we are not forced to customize the code of a plugin or move to embedding the code in the theme?
Regards,
David
Sorry for the delay. We have been doing an OWASP penetration test in order to certify our website against the rules of an insurance company.
Sometimes the ‘svg’, ‘gz’, ‘json’, ‘ttf’, ‘eot’, ‘woff’ extensions are used by hackers to insert ransomware, for example, and the idea was to prevent this type of file from being uploaded. The OWASP protocols recommend filtering these file extensions so they cannot be uploaded to a website form by regular public users.
When we tested the upload control, after selecting the valid file extensions in the upload control, those irregular extensions were still selectable too.
Finally we had to introduce some code on top of the Forminator plugin to filter those extensions, but we thought the file extension selector was filtering out all the extensions not in the list or not selected.