Reported by Simon Gareste, Nov 18, 2011
Currently, the only way to add extensions available is to go in the install folder, in Form/Upload.php and add the extension to the clean_file function. I think this should be made much more configurable, except is there was a reason behind this behavior, in which case I would like to know why.
Comment 1 by Thomas Keller, Nov 18, 2011
I think this is not quite the issue. You can, in fact, add more extensions via the configuration variable 'idf_extra_upload_ext' which is used everywhere, but your original issue was that you cannot upload files without an extension. My problem with this kind of "pseudo-security" is basically that such a list is never complete nor does it make the user's life any more save. And in case the forge owner wanted to restrict the allowed upload types to a couple file extensions he'd have to hack the various upload forms by hand anyways, because many extensions are always added unconditionally to the list of allowed extensions right now. So the real question is: What are upload extension restrictions really good for? Shouldn't the browser take care of the security and shouldn't we only take care of mime-types (at most) to send the correct Content-type: header in case of a download?
Comment 3 by Thomas Keller, Nov 22, 2011
Its actually related, yes. Thanks for the pointer.