Default file types for user and group profile pictures #8193
TheoStefou
started this conversation in
Ideas
Replies: 1 comment
-
Also, maybe renaming the options to something to better indicate what they do could be a good idea. Looking at "ckan.upload.user.types" doesn't really say a lot about it affecting just the profile image of the user. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello everyone,
I would like to suggest that the configuration options
should have default values in the default generated ckan.ini file. PNG, JPG files should be fine and if someone would like to add more, they would be responsible for the file types they add.
In my case, my ckan instance was used for phishing other platforms, as malicious users uploaded html files as their profile pictures and phished users of other platforms by sending them the direct urls of the "profile image" resources.
As an administrator/maintainer, I expected that a profile "image/picture" should by default only accept that: images/pictures, and I believe that it is not an invalid expectation.
Greetings
Beta Was this translation helpful? Give feedback.
All reactions