[eluser]Digitalman65[/eluser]
My very first attempt at a CI application is what I would consider a pretty simple matter, a simple form that allows me to pick a file off my local system and upload to my web server (and place it into a specific folder - ie. upload, etc.). I ran into the "allowed_types" configuration option for the Upload class and immediately assumed that not setting the option would allow any file type to be uploaded. Boy was I wrong. Found supporting messages in the forum too. Also looked at the class file and see why it does what it does.
My question is: why does it do what it does? To what end? Security? Okay, I'll buy that. Security is good for those who want/need it. But what happens to those who need to allow all types of files to be uploaded?
There seems to be only two choices: 1. Create some giant list of allowed types (not a good solution at all since it doesn't allow for ANY type - ever hear of a .MMM file? ..that's Magix Music Maker) 2. Don't use the Upload class. So if I don't like #1, then #2 it is, but then what's the point in using a framework such as CI and having an Upload class if that framework is going to put limits on me in undesirable ways. I choose #2, write my own handler for file uploads of any type of file and I have gained nothing by using CI.
It seems to me that the framework is there to help me not hinder me. Allowing me, the developer, to make the decision to have high security(allowed file types) or low security(all file types) is the best solution all around. Let the developer make that decision, don't impose it.
I cringe at the thought of modifying the CI code to suite my needs or writing my own Upload class, but it seems I'm facing this decision now and it's my very first CI app. Hopefully, I won't find any other oddities like this in other areas of CI. I also hope the CI development team reads this and makes a decision to change the Upload class and put the decisions in my hands.
