Will "the Mighty" Strohl

How to Upload Restricted File Types in DotNetNuke

DotNetNuke comes with quite a few security features right out of the box.  One of those security features is not allowing the uploading of uncommon or harmful file types.  Why would this be a security feature?  Simple.  There are several file types that could be uploaded to your website that would be able to execute code directly against the web server and/or the database server.  As you might imagine, that is not a good thing.

Before We Change the Setting

It is actually quite easy to upload restricted file types in DotNetNuke.  But before we do, we probably need to consider a couple of questions:

  1. Is the file absolutely necessary?
  2. Are the contents of the file trusted?
  3. Will we need to upload this same file type again in the future?

These questions are very important and should be considered before continuing.  First of all, you probably already have #1 answered if you're reading this.  Let's move on.

Learing if the contents of the file are safe in many ways is an acquired skill.  If you are unsure if the file and it's contents can be trusted, you may need to consult with your favorite techie friend.  For the most part, common files that you work with on a daily basis are probably safe.

Finally, if we only need to upload this file once or every once in a while, I would suggest going to your favorite FTP program and uploading the file that way.  Doing so would lessen your security risk.  When you change the setting for yourself, you change it for everyone that has persmission to upload to one or more folders.

If you are going to need to upload the new file type regularly, and the file type is not a security risk, then we can move on to changing the setting to allow for this file type to be uploaded.

Unrestricting a Restricted File Type

As I stated earlier, allowing a restricted file type is quite easy.  First, login to the website using a "Host" account.  If you are not the host, or are not sure what I mean by that, you will need to talk to the person who set up your DotNetNuke website.

Once you are logged in as a host, go the Host Menu, and then select the Host Settings.

Host Menu - Host Settings

In the Host Settings, you will need to scroll down to the bottom of the page and expand the "Other Settings" section that is found in the "Advanced Settings" section.

Host Settings > Advanced Settings > Other Settings

In the "Other Settings" section you will notice a field titled "Allowable File Extensions" with a multi-line textbox next to it.  This is the field that we are interested in.

Host Settings > Advanced Settings > Other Settings > Allowable File Extensions

You will notice that there is already a list of file types that are allowed. In DotNetNuke 5, they are as follows:

swf,jpg,jpeg,jpe,gif,bmp,png,doc,xls,ppt,pdf,txt,xml,xsl,css,zip

Adding your file type is quite simple.  Let's assume that you want to upload a video file type, such as AVI.  If you want to always allow this file to be uploaded, simply add ",avi" to the end of the existing list of file types.  That would make the text in the textbox look like this:

swf,jpg,jpeg,jpe,gif,bmp,png,doc,xls,ppt,pdf,txt,xml,xsl,css,zip,avi

Now, just click the Update link at the bottom of the page to save this setting.  Once you do, you will be able to upload any AVI files throughout the website.

Technorati Tags: , , , , ,



blog comments powered by Disqus