An option for whitelist and blacklist should be made available, preferably by MIME type, as long as this doesn't have limitations with custom file types.
- Note: max size of attachment is already supported and configurable per wiki (note: there's no UI for it ATM, only xobject edition)
- Add an Admin UI to configure max size for attachments (impl note: possibly requires some refactoring to move the config property out of XWikiPreferences)
- Using an xobject, no need for a UI in a first version
- Provide a configuration in xwiki.properties and in the Admin UI (i.e. for each subwiki) to allow/disallow uploading attachments of given mime types or file extension (provide both a black list and a white list, and one have precedence over the other one)
- The allowed/disallowed mime types would be only at user level and not at API level (i.e. not in the Attachment Store) so that applications and extensions can save any mime types/file extensions.
- Modify the attachment upload UI ("choose files" in the attachment tab) to issue an error if the selected file is not of a supported mime type/file extension
- Client-side check for best usability
- See https://developer.mozilla.org/en-US/docs/Web/API/File
- Note that the file picker (and probably the file drop area) can be configured to limit the type of files that it accepts. Basically, for the file picker, when the user browses their file system they will only be allowed to select the type of files we specify. This is used for the office macro for example, to limit what types of files the user can select, e.g. https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-office/xwiki-platform-office-macro/src/main/resources/templates/html_displayer/officeresourcereference/edit.vm
- Perform checks in all the end points uploading attachments
- Modify the REST end point to check the config and return an error if not allowed
- Modify the upload vm to check the config and return an error if not allowed
- Provide a specific vm to display a proper error and not the generic stack trace vm (exception.vm)
- Don't include the ability to disable attachment uploading (currently not possible) in a first version
- We cannot guarantee 100% that attachments of a forbidden mime type will be prevented since getting the mime type is a guess based on the file extension + attachment content parsing (we would be relying on Tika to provide the mime type to us)