Currently if we try to upload a file type which is not a standard image file I get the following error.
It would be useful to be able to upload IDF files, as well as other file types such as EnergyPlus outputs, OSM files, etc.
It's currently possible to upload an IDF (or any other file type) by changing the extension it, e.g. <my_file_name>.idf
becomes <my_file_name>.jpg
, which seems to negate any security benefits of not allowing arbitrary file uploads (while also providing a hacky workaround).
Example:
C:\fakepath\IDF.jpg - right-click and save as IDF.idf
.
I see two things that could happen:
Fix the renamed file workaround by actually checking filetype rather than trusting the extension, and provide/recommend some other standard way of sharing files
Allow arbitrary file uploads - up to a size limit? - disallow executables? - and warn downloaders that they are download at their own risk (as with any other file on the internet)
I'm sure there are other options but I wanted to get the idea out there.