Discussions

Expand all | Collapse all

Restrict .bat and .exe upload as an attachment

  • 1.  Restrict .bat and .exe upload as an attachment

    Posted 12-12-2017 06:33
    While uploading attachments to the tool in the attachment field i want to restrict the upload of .exe and .bat files in the tool. Is there any way to do that?


  • 2.  RE: Restrict .bat and .exe upload as an attachment

    Posted 12-12-2017 07:13
    Hi Gaurav,

    There is no native feature for solving this. But, someone from MCF technologies had posted an alternate solution for this.

    Please have a look here.

    Do let me know if this solution works for you.

    Thanks,

    Gaurav Sharma


  • 3.  RE: Restrict .bat and .exe upload as an attachment

    Posted 01-23-2018 21:05
    I wrote this to be used with IOL and it seems to do the trick. This just checks for .bat and .exe extensions, you can add more by including them in the "f_no" expression, separated by pipes. Also, that being said, this just checks the name of the file. So feasibly, someone could take an exe, rename it "virus.txt" and pass the filter. This is sort of hard to lock down without server-side processing at your disposal, but this is a pretty good first line of defense. 


    $('input[type=file],select', 'body').attr("onchange", "validate(this)");
    //this adds the validate function to every file attachment field in the record

    function validate(file) {
        let f_no = /(\.bat|\.exe)$/i;
        let input = $(file);
        let filename = input.val().split('\\').pop();
        let ext = filename.substr( (filename.lastIndexOf('.') +1) );
        if(f_no.test(filename)) {
              alert("To protect against potentially harmful software, we don't allow attachments with certain file extensions, including ."+ ext+ ". Please select either an image, email, document or PDF and try again.");
              input.val("");
        }
    }


  • 4.  RE: Restrict .bat and .exe upload as an attachment

    Posted 01-26-2018 14:06
    Oops, one quick update. 
    Change  $('input[type=file],select', 'body')

    To $('input[type=file]', 'body')

    I had mistakenly grabbed all "select" types, which meant that all drop downs now had a new onchange function. This pushed the native QB functions to onblur, which meant form rules and formulas only ran after the cell was exited. 

    Oh well, you live and you learn. 


  • 5.  RE: Restrict .bat and .exe upload as an attachment

    Posted 01-26-2018 14:09
    I was wondering about that but I didn't want to take away from the glory of you using IOL!