Limit Upload File Extension, User Approval, No public display for journal

Is there a way to limit what kind of file a user can upload when making a submission to a journal? For example, only want .doc file.

Is there a way for OJS to prevent certain file extension despite the file folder being outside the webroot?

How can we do this?

Also, is there a way that a journal manager can approve users that register on the website before they can submit and read materials?

Is there a way that users can re-confirm their registration before they have access to submit and read materials on the website?

When you make a journal not to appear publicly, how is it that users can still access it after the checkbox is ticked? Does that mean that the journal will have to be deleted for it not be accessible? Please, clarify.


Hi @newone,

Next time, please post one question per thread – it helps to keep the forum organized.

OJS doesn’t currently include a way to limit file uploads to a subset of types and we’re unlikely to add it because it would not consistently provide real security. If you’re concerned about malicious uploads, simply having the files directory outside of the web root (as we recommend in the documentation) is a complete mitigation of risk to the server. Let me know if you’ve got any further concerns about this.

There’s no current way for the Journal Manager to pre-approve new registrants, but one option would be to disable registration entirely and have the manager take over registration fully. If you’re concerned about spam registrants, make sure you have Recaptcha testing enabled; that’ll leave human registrants, but should cut the volume down considerably.

There’s an option called require_validation in that, when enabled, will require users to confirm their accounts before registrations become active.

Alec Smecher
Public Knowledge Project Team

OK. I will do that in the future.

I do not quite follow how having a folder outside of webroot prevent someone from uploading any type of file during submission? Is there a way to limit the type of file someone can upload?

Can you change the name of the folder that is outside the webroot? Should that cause any issue?

There is the normal captcha on the website and while it is not hard to read, people have been stumped when registering. In fact, it takes multiple tries for people to register. I did try Recaptcha, but that did not work because the code entered was never accepted by the system.

I ticked the checkbox that says the journal should not appear publicly, but the journal still comes out in search engines. Why does it still appear? Is deleting the journal the only way to remove it from appearing in search engines?



With multiple questions and followups in this thread, it will be difficult for others to find and follow the conversation when they have a similar question.

Can you branch these questions into new topics, or followups to some already discussed?