File extension review: November 2014

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

Post Reply
tepples
Posts: 21810
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

File extension review: November 2014

Post by tepples » Fri Nov 21, 2014 6:20 pm

After the recommendation to use modern patch formats instead of IPS, I added a couple. But then I saw how many extensions are already accepted and decided that some might need a review. Here's the list of file name suffixes currently accepted in attachments on this board:

Images: bmp gif jpeg jpg png tga tif tiff
Archives: 7z ace bz2 dmg gtar gz lha lzh rar tar tgz torrent zip
Text: asm c cpp csv diz h hpp ini js log php py s txt xml
Documents: ai css doc docm docx dot dotm dotx htm html odg odp ods odt pdf ppt pptm pptx ps rtf xls xlsb xlsm xlsx
Video: ram rm wma wmv swf 3g2 3gp m4a m4v mov mp4 qt
Downloadable: fon mp3 mpeg mpg nesproject otf ttc ttf
ROM images: bin chr fds gb gbc nes nez prg rom sfc smc swc unf unif
Chip music: ftm gbs gym mml ned nsf nsfe sgc vgm
Ogg media: ogg ogm ogv opus webm
Patch: bdf bps bsdiff diff ffp gdiff ips jfp pat ppf rup ups vcdiff xdelta3 xor
Save state: ns0 ns1 ns2 ns3 ns4 ns5 ns6 ns7 ns8 ns9 st0 st1 st2 st3 st4 st5 st6 st7 st8 st9

Are any of these particularly unsafe? The phpBB administration control panel mentions something about "scripting extensions" (php, py, pl, asp, etc.) being unsafe. There are good reasons to attach, say, Python programs intended as developer tools, but they should be fine if included in a zip file so that they don't run on the server.

lidnariq
Posts: 8936
Joined: Sun Apr 13, 2008 11:12 am
Location: Seattle

Re: File extension review: November 2014

Post by lidnariq » Fri Nov 21, 2014 7:20 pm

tepples wrote:Chip music: ftm gbs gym mml ned nsf nsfe sgc vgm
spc?
[scripts] should be fine if included in a zip file so that they don't run on the server.
If they're in a zip file, then they don't need to be in the approved lists. On the other hand, if .py and .php stay on the list, .pl and .pm would be obvious additions.

Post Reply