How to make Access deny for special file extension

Hi all,
I have a problem with OJS 3.3.0.7: all files are able to be uploaded, and this makes my journal vulnerable. Please see this screenshot.

I don't want authors to upload .py, .phtml, .py files.

Thank you

You can use “Allowed Uploads Plugin”, “Control Public Files” plugins
I also highly recommend using the “ConfigServer eXploit Scanner” plugin on the server side.

Hi @Muhammad_Khoiruddin,

Is your files directory inside the web root? If so, that’s an unsafe configuration. See for example:

https://docs.pkp.sfu.ca/admin-guide/3.3/en/configure#secure-files-directory

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @kerimsarigul,

I tried to install that plugin, but it does not support OJS 3.3.0-14.
What should I modify?

You are using version 3.3.0.7 of OJS. These plugins should work on your system.
How do you install the plugin?
What error are you encountering?

This one worked out. I just forgot the administrator installation username and password. It is now solved. Thanks.

Hi @Muhammad_Khoiruddin,

The “Control Public Files” plugin is only a partial solution; you will also need to ensure that your files directory is outside the web root, as recommended above. Otherwise you will still be risking the exposure of submission files to unauthenticated users.

Regards,
Alec Smecher
Public Knowledge Project Team
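
One way to check the configuration discussed in this thread, as an added example that is not part of the original posts or PKP's code: it reads `files_dir` from the `[files]` section of `config.inc.php` and reports whether that directory sits at or below the web root, either by path or through a symlink. It assumes a relative `files_dir` is resolved against the directory holding `config.inc.php`; the web root argument and the temporary layout in `demo()` are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def read_files_dir(config_path):
    """Return files_dir from the [files] section of an OJS config.inc.php."""
    section = None
    for raw in Path(config_path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INI comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "files" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "files_dir":
                return value.strip().strip("\"'")
    return None

def is_within(path, root):
    return path == root or root in path.parents

def files_dir_exposed(config_path, web_root):
    """True if files_dir lies at or below web_root, lexically or via symlinks."""
    files_dir = read_files_dir(config_path)
    if files_dir is None:
        raise ValueError("no files_dir setting in the [files] section")
    # Assumption: a relative files_dir is resolved against the directory
    # holding config.inc.php (the OJS installation directory).
    base = Path(config_path).resolve().parent
    root = Path(web_root).resolve()
    lexical = Path(os.path.normpath(base / files_dir))  # collapses ".." only
    resolved = (base / files_dir).resolve()             # also follows symlinks
    return is_within(lexical, root) or is_within(resolved, root)

def demo():
    """Constructed layout: <tmp>/www is the web root, <tmp>/www/ojs the install."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ojs = Path(tmp, "www", "ojs")
        ojs.mkdir(parents=True)
        config = ojs / "config.inc.php"
        for label, value in [("inside", "files"), ("outside", "../../ojs-files")]:
            config.write_text(f"; <?php exit(); ?>\n[files]\nfiles_dir = {value}\n")
            results[label] = files_dir_exposed(config, Path(tmp, "www"))
    return results

if __name__ == "__main__":
    print(demo())
```

A `True` result means submission files are reachable under the web server's document tree and `files_dir` should be moved, as the linked admin guide section describes.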
