Is there a way to prevent users from uploading executable files such as .exe and .msi files directly into Alfresco Share?
I am looking for a solution that will restrict the upload of executable files in Alfresco Share right at the moment of upload, rather than relying on a rule to delete them afterwards. Any suggestions or guidance would be greatly appreciated.
Within the upload.js file on the client-side, similar to flash-upload.js, there exists a method called setFileFilters. This method retrieves information from both this.showConfig.filter and the object itself.
The file description states:
* filter: {array}, // limits what kind of files the user can select in the OS file selector
I have utilized this method to allow clients to upload different file types when uploading a new version.
Please add .exe to the filter array (refer to it first, as I do not remember the exact syntax).
For additional information, please refer to this link.
However, this does not completely prevent users from uploading executable files. They can still use * in their query or utilize drag-drop, webdav/cifs, or another client.
If you wish to fully disable this functionality, you can create a Java Behaviour that triggers the onCreateNode Policy. Check the content's mimetype upon addition and remove it if necessary.
After encountering the same issue, I came across a helpful solution in the form of Alfresco: Mime Type Blocker created by Angel Borroy.
Within Alfresco, all file formats are supported with no built-in restrictions on allowed MIME types. This means that executables, databases, and potentially harmful content can be stored without limitations.
This add-on offers an Alfresco extension to establish a mime type blacklist within alfresco-global.properties and introduces an aspect called Mime Type Restrictable for determining which folders will enforce this restriction.
The process involves defining a blacklist of blocked mime types by configuring a variable in the alfresco-global.properties file:
## Samples ## STARTS WITH video = video* ## ENDS WITH xml = *xml ## CONTAINS pdf = *pdf* ## EXACTLY ONE = application/octet-stream ## MANY (use pipes) = application/octet-stream|application/zip|video* mimetypes.restricted.expression=video*
Additionally,
Using the default Alfresco Share folder action 'Manage Aspects', the Mime Type Restrictable aspect can be applied to designated folders as needed.
This allows you to specify where the rule should be enforced.
EDIT 2016-05-27
I also discovered an alternative method based on rules:
To begin, create a simple javascript webscript named block-document.js designed to throw an exception:
function main()
{
var name = document.name;
var siteName = document.siteShortName;
var parent = document.parent;
throw "Unsupported file format";
}
main();
Then upload it via Alfresco Share into the
Repository>Data Dictionary>Scriptshttps://i.sstatic.net/RKwBM.png
To apply a rule to a folder (and potentially its subfolders), select the desired folder and navigate to the Folder Actions menu to choose Manage Rules.
https://i.sstatic.net/IYRrP.png
You can then create a rule that triggers the previously uploaded script when adding a new document with specific mime type(s) to the folder.
https://i.sstatic.net/CY674.png
This approach offers the advantage of being able to apply the rule to subfolders simply by checking a checkbox option, while applying the aspect to each individual folder was required in the previous method.
Users uploading documents will immediately receive a warning if the file is not successfully added to the repository, regardless of their chosen upload method.
I have been developing a news application with Vue 3 and the News API. I am currently implementing a feature for loading more articles on the page. Initially, there are 24 articles displayed, and if there are more articles available than the current numbe ...
Check out this efficient DateTimePicker example. <head> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/js/bootstrap-datetimepicker.min.js"></script> <link rel="stylesh ...
My current setup involves having a local HTML page named leaflet.html, which is being shown in an embedded browser within a python-tkinter application. Within the leaflet.html file, there exists a straightforward JavaScript code snippet that includes a fu ...
Within my web app, I have implemented dynamically generated Bootstrap 5 dropdown menus that can sometimes be extensive. To optimize screen space usage, I am seeking a way to alter the offset computed by Popper.js through javascript. Unfortunately, I have e ...
Can someone guide me on creating a block of images when working with an array of random items? https://i.sstatic.net/qEcQy.png ...
I created an Ajax code that retrieves results from a txt file in real time, which are then automatically displayed in a div block using the following lines: if (xmlhttp.responseText != "") { InnerHTMLText = xmlhttp.responseText + document.getElementBy ...
In my Angular 8 project, I am working with a WordPress RSS feed to create a news scroller. The information from the feed is parsed into a JavaScript object using rss-parser from node.js. One of the challenges I am facing is extracting a HTTP link, an imag ...
I'm currently working on a homepage that requires different page links. Below you can find the necessary code snippet for setting up the tabs and routes for each page: <li> The tabs are located here - <Link to="/demo">D ...
Currently, I am facing an issue with my Angular 2 application running on Google Earth. The problem arises as Google Earth uses an outdated version of Chrome that is not compatible with Angular 2. To tackle this obstacle, I need to find a way to initiate th ...
I've recently started diving into React. I've seen conflicting opinions on using refs - some sources claim it's a bad practice altogether. Can someone clarify this for me? Is it harmful to attach refs to child components in order to access ...
Is there a way to extract data from the Response in DevTools using Selenium? I'm having trouble finding a solution. https://i.sstatic.net/T9ALa.png I'm unsure of how to retrieve response data. Any advice would be appreciated. ...
I'm currently facing an issue where I am trying to send form fields that are linked to specific observables to my server as a JSON object, but I keep receiving an empty JSON string on the server side. I want to avoid sending the entire view model just ...
Transitioning from a .NET background to learning JavaScript has presented some challenges, particularly when it comes to handling arrays of objects. Unlike in .NET where using structs or structures provides convenience, JavaScript requires a different appr ...
I've developed a script that automatically inserts checked checkboxes and radio options into the value() of an input field. var burgerName = meat + " with " + bread + " and " + onion + tomato + cheese + salad; $('#burger-name').val(burger ...
Within my code, I am dealing with an array of objects that contain sub-objects. This particular array is utilized in an ng-repeat to display data in a table format. To illustrate, consider the following example: device { "name": "computer" ...
My website primarily targets mobile devices, with tabs in the top navigation. Currently, these tabs are hard coded instead of utilizing Javascript. We want to ensure our site is accessible on all mobile devices, including those without Javascript support. ...
I'm new to coding and I have a website that showcases job listings. I want to create a function that dynamically changes the logo of a company based on the first 50 characters of the company name mentioned. The current function only works for the firs ...
Is there a way to effectively disable a link in jQuery without changing the anchor's href attribute? I initially tried setting disabled to true, but it seems that approach isn't working as expected. The goal is to prevent the user from being redi ...
I have added a countdown feature to my Laravel 5 application and I am trying to adjust the font weight of the text, but I am facing some difficulties. When I set the color to #fff, the font-weight works perfectly fine, but when I change the color, the font ...
I am in need of modifying the code on this Plunker: plnkr.co/edit/Mvrte4?p=preview I want to remove user roles so that all users have access to the same page. If possible, I would like the modified code to be split into two pages: Page 1: index.html co ...