Pretty much everything is in the title, I wonder if there's a way without having to zip the ini file before.
I tried add .ini mime type text/html text/plain text/ini but none works.
Would it be to risky about server configuration like php.ini having same extension ? I have no idea if there's a security reason for not having .ini in mime type. Maybe the ini file can be uploaded as another extension on the server then renamed when downloaded ?
Thanks for the help.
I wouldn't recommend allowing .ini uploads files.
(2018-08-05, 12:46 AM)Wires Wrote: [ -> ]I wouldn't recommend allowing .ini uploads files.
Why? You can upload PHP files in MyBB, too, and it's obviously no security issue.
(2018-08-05, 07:07 AM)StefanT Wrote: [ -> ] (2018-08-05, 12:46 AM)Wires Wrote: [ -> ]I wouldn't recommend allowing .ini uploads files.
Why? You can upload PHP files in MyBB, too, and it's obviously no security issue.
You don't understand, the .ini files that come with MyBB are safe to use.
Any .ini files from unknown sources/users can cause serious security issues.
Do not allow it.
(2018-08-05, 05:45 PM)Serpius Wrote: [ -> ]You don't understand, the .ini files that come with MyBB are safe to use.
Your answer makes no sense. MyBB doesn't use .ini files at all. Also I was talking about PHP files users can upload by default.
(2018-08-05, 05:45 PM)Serpius Wrote: [ -> ]Any .ini files from unknown sources/users can cause serious security issues.
But how? You just claim it without any explanation.
Correct me if I'm wrong, but isn't it the case that uploaded attachments are stored in such a way that they cannot be executed on the server? So *if* at all, there would be a danger to the computer the file was downloaded to, and that, too, only if it was run. Right?
If so, that leaves open the question as to why OP couldn't create the attachment type. I tried and it worked nicely with text/plain as MIME type — once i remembered to leave out the period before the file extension: .ini
@UzGz Can you provide a screenshot of the attachment types you created?
(2018-08-06, 06:04 AM)StefanT Wrote: [ -> ] (2018-08-05, 05:45 PM)Serpius Wrote: [ -> ]You don't understand, the .ini files that come with MyBB are safe to use.
Your answer makes no sense. MyBB doesn't use .ini files at all. Also I was talking about PHP files users can upload by default.
(2018-08-05, 05:45 PM)Serpius Wrote: [ -> ]Any .ini files from unknown sources/users can cause serious security issues.
But how? You just claim it without any explanation.
So, how do you explain this .ini file in
the root folder of my website?
![[Image: a97a6b57bb19796f71661be8cc872a22.png]](https://camo.mybb.com/b969ed974088d8c3884dd64ba709b6db5bf2c2f5/68747470733a2f2f692e6779617a6f2e636f6d2f61393761366235376262313937393666373136363162653863633837326132322e706e67)
Well, if you want to allow users to upload any type of files onto your website, go for it.
Don't blame us if your website is compromised.
(2018-08-06, 11:48 AM)Serpius Wrote: [ -> ]So, how do you explain this .ini file in
the root folder of my website?
You must have added that yourself. It's not part of MyBB.
(2018-08-06, 11:48 AM)Serpius Wrote: [ -> ]Well, if you want to allow users to upload any type of files onto your website, go for it.
Don't blame us if your website is compromised.
Again, that's not how the attachment system works.
(2018-08-06, 12:15 PM)StefanT Wrote: [ -> ] (2018-08-06, 11:48 AM)Serpius Wrote: [ -> ]So, how do you explain this .ini file in
the root folder of my website?
You must have added that yourself. It's not part of MyBB.
(2018-08-06, 11:48 AM)Serpius Wrote: [ -> ]Well, if you want to allow users to upload any type of files onto your website, go for it.
Don't blame us if your website is compromised.
Again, that's not how the attachment system works.
Please do tell. Explain to all of us how the attachment system works.
Does the attachment system have a way to check all uploads for viruses/malware/ransomware?
MyBB simply stores the contents of the file. It would never create a .php, .ini or .exe file on the server.