The Mighty Blog

How to Upload Restricted File Types in DotNetNuke

Feb13

Written by:Will
2/13/2009  RssIcon

I am answering a common question on the DotNetNuke forums. There is a bit more to think about when uploading a restricted file type, other than just enabling it.

DotNetNuke comes with quite a few security features right out of the box.  One of those security features is not allowing the uploading of uncommon or harmful file types.  Why would this be a security feature?  Simple.  There are several file types that could be uploaded to your website that would be able to execute code directly against the web server and/or the database server.  As you might imagine, that is not a good thing.

Before We Change the Setting

It is actually quite easy to upload restricted file types in DotNetNuke.  But before we do, we probably need to consider a couple of questions:

  1. Is the file absolutely necessary?
  2. Are the contents of the file trusted?
  3. Will we need to upload this same file type again in the future?

These questions are very important and should be considered before continuing.  First of all, you probably already have #1 answered if you're reading this.  Let's move on.

Learing if the contents of the file are safe in many ways is an acquired skill.  If you are unsure if the file and it's contents can be trusted, you may need to consult with your favorite techie friend.  For the most part, common files that you work with on a daily basis are probably safe.

Finally, if we only need to upload this file once or every once in a while, I would suggest going to your favorite FTP program and uploading the file that way.  Doing so would lessen your security risk.  When you change the setting for yourself, you change it for everyone that has persmission to upload to one or more folders.

If you are going to need to upload the new file type regularly, and the file type is not a security risk, then we can move on to changing the setting to allow for this file type to be uploaded.

Unrestricting a Restricted File Type

As I stated earlier, allowing a restricted file type is quite easy.  First, login to the website using a "Host" account.  If you are not the host, or are not sure what I mean by that, you will need to talk to the person who set up your DotNetNuke website.

Once you are logged in as a host, go the Host Menu, and then select the Host Settings.

Host Menu - Host Settings

In the Host Settings, you will need to scroll down to the bottom of the page and expand the "Other Settings" section that is found in the "Advanced Settings" section.

Host Settings > Advanced Settings > Other Settings

In the "Other Settings" section you will notice a field titled "Allowable File Extensions" with a multi-line textbox next to it.  This is the field that we are interested in.

Host Settings > Advanced Settings > Other Settings > Allowable File Extensions

You will notice that there is already a list of file types that are allowed. In DotNetNuke 5, they are as follows:

swf,jpg,jpeg,jpe,gif,bmp,png,doc,xls,ppt,pdf,txt,xml,xsl,css,zip

Adding your file type is quite simple.  Let's assume that you want to upload a video file type, such as AVI.  If you want to always allow this file to be uploaded, simply add ",avi" to the end of the existing list of file types.  That would make the text in the textbox look like this:

swf,jpg,jpeg,jpe,gif,bmp,png,doc,xls,ppt,pdf,txt,xml,xsl,css,zip,avi

Now, just click the Update link at the bottom of the page to save this setting.  Once you do, you will be able to upload any AVI files throughout the website.

Technorati Tags: , , , , ,

Copyright ©2009 Will Strohl

TrackbackPrint
Tags:
Categories:DotNetNuke
Location: BlogsParent SeparatorThe Mighty Blog

10 comment(s) so far...


Gravatar

This review of file extensions (i.e., forced MIME Types) was an excellent demonstration.
Thanks, you have solved my questions today on how to resolve the following error:
The File C:\DNN\Portals\0\HOLD\200904news.docx Is A Restricted File Type. Valid File Types Include ( *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.template ). Please Contact Your Hosting Provider If You Need To Upload A File Type Which Is Not Supported.

By Swettenham on   3/6/2009
Gravatar

It was my pleasure. I am happy that I was able to help you.

By Will on   3/6/2009
Gravatar

Hello,

How to integrate the swf file in dotnukenet .It should cover the whole page in that whole there should be only swf files onces it click on that swf it should goes on to static page that is home page

By deepthi on   4/27/2009
Gravatar

I think someone was lost in translation, as I am not understanding what your point is. Are you talking about a splash page?

By Will on   4/27/2009
Gravatar

Hello,

I am desperate to get help for this so I thought I would try this:

I am using Dotnetnuke 4.9.0 as my CMS to build my website.

I am using a flash video player called Ultra Flash Player 6.4. I was able to upload my mp4 video to my ftp server but now I am having problems playing it.

I am using GoDaddy to host my website on an IIS 7 Server. When you click on the video, you see the correct time displayed of 5:02 and the video starts playing but you can only hear the sound and not see the video!

I called GoDaddy and they said the the mime mp4 extension is allowed on that server and that they can't support me any further because they don't support DNN.

I really need to get this up and going so any help would be appreciated.

Thanks.

By Amer Ghafari on   8/20/2009
Gravatar

@Amer Without seeing your project, I am not sure where to point you to. Especially since I have not used Ultra Flash Player. Sorry, but there are many unknown variables that surround the question you're asking. That being said, I will would point you to re-verify your media file, then check the markup.

By Will on   8/20/2009
Gravatar

Hello Mighty,

This is Amrita.I have some quick questions related digFlash module implementation in dotnetnuke 5.x.The steps which I followed are following ..

1. I just installed digFlash module into dotnetnuke 5.x and add this module on my potal.

2. Then did the settings digFlash admin settings and upload my SWF file but this file having some dependencies on resources file which is having some images.This SWF file uploaded very well in my digFlash module but its not showing flash file contents which are dependent on my resource file so please help me out that how i can attach this resource folde or some other dependent folder for proper mapping means from where my swf file can pick the resources for showing properly.
3.According to yours guidance on dotnetnuke forum i pasted my all
resource files over their location where my flash module is requesting( C:\Inetpub\wwwroot\DotNetNukeLocal\Portals\0)but
still dnn url is not able to pick my resources file.Please help me out of
this situation.

Thanks and Regards
Amrita Vishnoi

By Amrita Vishnoi on   2/18/2010
Gravatar

Unless I am misunderstanding, this is a question better posed to the digFlash module vendor for support. I've never used that module myself.

By Will on   2/18/2010
Gravatar

it was very usefull.thank you so much.

By shabnam on   5/23/2010
Gravatar

Thanks for this article Will! Solved my problem!

By Fahad Nadeem on   6/28/2010

Your name:
Gravatar Preview
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Comment:
Security Code
CAPTCHA image
Enter the code shown above in the box below
Add Comment   Cancel 
Add to Technorati Favorites
Tweet about my blog
Will Strohl - The Mighty Blog - RSS Feed

Categories

Tag Cloud

Sort by:Tag | SizeRSS
camp   community   dnn   dotnetnuke   dotnetnuke®   event   example   free   get   group   integer   jquery   meeting   module   odug   orlando   search   session   think   use  
The opinions expressed here are the personal opinions of Will Strohl and do not necessarily represent the views and opinions of the DotNetNuke Corporation.
© Copyright 2004-2010 by Will Strohl. All rights reserved.Website Skinned By: Ralph Williams  Website Hosted By: Applied Innovations