Restricting uploads in the DotNetNuke Text Editor using the "add link"

2
votes

I am building a DotNetNuke 5.6 Module. The module contains a form with some textboxes and the dotNetNuke Rich text Editor. Users are supposed to fill this form and it is saved to the database. Everything is working just fine.

The problem though is that users can use it to upload images or documents to the server if they select to add a link. The problem here is : Users will upload documents to the portal root which will make them visible to other users. We do not want this to happen as each user's documents are private and should not be visible by other users.

The question is: Can I restrict users to upload documents to a specific folder visible only to that user? this is to prevent different users from seeing each other's private documents? OR Can I restrict users from uploading documents altogether?

Thanks

1
dotnetnukedotnetnuke-5dotnetnuke-module

1 Answers

5
votes

Folder security settings are found in the Admin - File manager. Write permissions control upload:

Folder security settings

Allowable File Extensions are in the Host Settings - Other Settings. This is a global security feature, and does not include common media file extensions by default:

Allowable File Extensions

In addition, different HtmlEditorProviders do have folder and upload settings in their configuration. HtmlEditorProviders are configured with provider-specific web.config properties and configuration files that are found under /Providers/HtmlEditorProviders.

Telerik provider has ImageManager.ViewPaths, ImageManager.UploadPaths and ImageManager.DeletePaths properties, and also maximum upload sizes for different file extension groups (image, media, document, flash, silverlight, template ). Cute Editor has some support for role-based default upload directories, but I couldn't find these in the Telerik provider.

See also:

How to Upload Restricted File Types in DotNetNuke