Optional restriction of file uploads

The file upload dialog has been improved with a new setting that only lets you upload files with specific file extensions.

Any file can be uploaded to OpenCms using the upload dialog. This means that even very large files, such as videos (.mp4 or similar), can be uploaded to the system. Apparently, some users are doing this, even though it is not intended.

A new configuration option allows you to specify a list of permitted file extensions for uploading (whitelist).

In the tenant app, the entry “Upload: allowed file extensions” can be edited for each tenant in the “Mercury settings” under “Further settings”. If this is set, only files with the specified file extensions are allowed to be uploaded. Multiple allowed extensions can be specified separated by commas: “png,jpg,pdf”. Specifying “*” allows all extensions.

Note: The restriction only works via the file extension. A particularly “clever” user could change the extension locally on their hard drive (e.g., .mp4 > .png), upload the file, and then change the extension back in OpenCms. This cannot be prevented.
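The rename described in the note can still be found afterwards by auditing stored files, for example from an export. The following is an added example, not OpenCms or Mercury code: it reads the setting in the comma-separated form shown above and compares each file's current extension with its leading bytes. The function names, the trimming and case-insensitive matching, and the sample headers are assumptions made for this example.

```python
# Added example: audit helper, not OpenCms or Mercury code.
# Leading-byte signatures for the file types named on this page.
SIGNATURES = {
    "png": lambda h: h.startswith(b"\x89PNG\r\n\x1a\n"),
    "jpg": lambda h: h.startswith(b"\xff\xd8\xff"),
    "pdf": lambda h: h.startswith(b"%PDF-"),
    "mp4": lambda h: h[4:8] == b"ftyp",
}
ALIASES = {"jpeg": "jpg"}  # used only when comparing content to extension

# Constructed sample headers (first bytes only), not real files.
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
MP4_HEAD = b"\x00\x00\x00\x18ftypisom"


def parse_allowed(setting):
    """Parse 'png,jpg,pdf'. Returns None when unset or '*' (no restriction)."""
    # Assumption: entries are trimmed and compared case-insensitively.
    items = {e.strip().lower().lstrip(".") for e in setting.split(",") if e.strip()}
    return None if not items or "*" in items else items


def sniff(head):
    """Return the type whose signature matches the leading bytes, else None."""
    return next((k for k, match in SIGNATURES.items() if match(head)), None)


def audit(name, head, setting):
    """Classify a stored file by its current name and leading bytes."""
    allowed = parse_allowed(setting)
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    if allowed is not None and ext not in allowed:
        return "extension-not-allowed"  # e.g. renamed back to .mp4 after upload
    kind = sniff(head)
    canon = ALIASES.get(ext, ext)
    if kind != canon and (kind is not None or canon in SIGNATURES):
        return "mismatch:" + (kind or "unknown")  # e.g. .png holding MP4 data
    return "ok"


if __name__ == "__main__":
    for name, head in [("logo.png", PNG_HEAD), ("clip.png", MP4_HEAD),
                       ("clip.mp4", MP4_HEAD)]:
        print(name, audit(name, head, "png,jpg,pdf"))
```

A file that is still named `.png` is reported as a mismatch, and one that has already been renamed back to `.mp4` is reported as having an extension outside the list.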