Why my ojs 3.5 website is allowing author to upload index.php file?
In short, because a journal may legitimately want to include PHP files as part of a submission. For example, a Computer Science journal might have code attachments to submissions.
You are protected from these being used maliciously by keeping them in a file store on the server that is not web accessible. See the installation form, configuration file, and documentation for instructions on how to make sure this is the case.
If you want to control what types of files can be sent with submissions, there is a 3rd party plugin called Allowed Uploads.
Regards,
Alec Smecher
Public Knowledge Project Team
1 Like
thanks for your kind information @asmecher