Forums

Does anybody have any tips on securing the upload functionality for files please? I'm hoping to allow for images to be uploaded in any format but to avoid extensions being manipulated to allow for website hacks/viruses being submitted etc?
​
Thanks🙂

You could use a custom PHP block to run whatever checks you like on $_FILES["files"]["filefield"]
​
The upload action is also able to check extensions.

Hi indieben,
​
I think that you can also upload them to a folder above the site root so that they can't be easily accessed.
​
Bob