Valid extensions?

It's all about the *NIX hate. ;)

yeah but its not all about *nix hate ;-p. Many non *nix programmers like to use the "hpp" extension or the "cc" extension or the "C" extension. (I brought this up because I noticed a attachment in the c++ forum with a "txt" extension when in actuality it was a tar.bz2 archive)

Attachments are stored in the database in the BLOB (binary string) format. Therefore, when fetched from the database, it's necessary for DaniWeb's script to pass back the appropriate mime type based on the file extension. If the attachment has a .gif extension, for example, I am going to pass 'Content-type: image/gif' based on a list of valid extensions and their corresponding mime types.

It's done this way to prevent two potentially abusive situations:

Firstly, only a predefined list of valid extensions are available to prevent people from uploading executables which might cause damage to a user's computer by auto-installing software or being viral. A non-computer saavy user might accidentally click on a Windows executable, for example, causing "DaniWeb" to install stuff on their computers without their consent. This also prevents the situation where someone could simply rename a virus-infected executable 'image.gif', for example.

Additionally, having a predefined list of valid extensions allows me to specify how to handle each extension, as opposed to leaving it up to the individual client machine. For example, I am able to specify that GIF images should always load in new browser windows instead of loading with whatever the client machine has specified for GIF images (usually an image editor such as Photoshop, etc.) which could potentially lead to computer crashes and other unexpected and inconsistent behaviour while trying to surf DaniWeb. In other words, it wouldn't be ideal if everytime a post had an attached image, Adobe Photoshop or The Gimp suddenly launched itself.

Following that theme of ensuring consistent behaviour for all users, I chose to allow the .zip extension but not the .tar.gz extension because I think that it's important for all users to have access to all files that are attached and have them be accessible in a similar way. Just about all linux distros have the unzip utility, and zipping/unzipping is built into the latest versions of Windows and OS X. However, the .tar.gz extension requires additional third party software for the files to be extracted on a Windows machine, therefore shutting out the majority of DaniWeb's audience from being able to open the files in an easy way.

You can imagine how it would get quite irritating quite quickly for Windows users who want to download attached files only to be constantly presented with an unknown type error message. Therefore, it's important for all available file types to at least be accessible on all current platforms.

At least uploading a file without extension should be allowed.

At least uploading a file without extension should be allowed.

But then it wouldn't be able to be opened by any Windows machine.

Chances are if you post a file without an extension its not meant to be open by windows users is it?

That's the whole point I'm trying to make. Every part of DaniWeb should be accessible the same way regardless of what platform someone is using. There shouldn't be an attached file that can be accessible by Linux users and not by Windows users, for example.

All windows users would have to do is right click and choose a program from a list. I hardly call this inaccessible.

I have to say that I agree with Dani. Your initial examples -- .emacs, .xmodmap, .xinitrc -- what does it matter? They're all text files. Does not having the exact filename affect the reader's ability to comprehend?

The way I see it, the extension is a universal way of identifying the type of file. Windows isn't the only operating system that uses it.

But then it wouldn't be able to be opened by any Windows machine.

Not correct -- most of the c++ header files do not have extensions and are read/written ok with most windows compilers and text editors. File extensions are not enforced by MS-Windows os. However -- if we're talking about executable files then you are correct, executables have to have .exe or .com extension.

It depends on how you have your Windows configuration setup. You can have files with no extensions automatically open in text editors, or you can have Windows ask you what program you want to open them with everytime. Regardless, it's something that's determined based on your own Windows settings. What I'm stressing is that every valid file extension permitted in attached files behaves the same way regardless of the visitor's platform and regardless of how their system is configured.

Ok fine I concede...you do have a point. But surely you cannot make a case for not allowing the "odt" extension?

When I create a new empty file with the .odt extension and I double click it from within Windows Vista, it tells me it's an unknown file type and asks how I want to handle the file. I only want to stick with file extensions that can be read by all platforms for everyone (or at the very least, the vast majority of people). Otherwise, it really hurts the DaniWeb experience when users click around and find that to view certain pieces of material, they have to install this plugin for this or download that extension for that, etc.

>But surely you cannot make a case for not allowing the "odt" extension?

I think that would go against the "universally accessible" thing that Dani is trying to create. For Microsoft Office users to be able to read the OpenDocument format, they'd need a special plugin.

I am just wondering why you can only post attachments with certain extensions? I mean seriously whats the point? What if I want to distribute my .emacs file or my .xmodmap file or my .xinitrc file? What if someone wants to post a tar.gz or a tar.bz2 archive?

If you want to distribute such files, zip them up and then attach the zip file. Once someone downloads the zip file, they'll have the files they can do what they want with. However, by that point, they'are aware that they unzipped the file and are working off of their own computers.

The situation this prevents is unaware users innocently clicking around on DaniWeb and suddenly having their graphics editor or programming IDE or other such thing automatically opening on them. The DaniWeb experience should be contained to a web browser.

> If you want to distribute such files, zip them up and then attach the zip file.

Just to clarify, yes, I am being a bit hypocritical here. However, I want to point out that this is more of a workaround than anything, and I am mentioning it simply to remain objective.

Well how about "cc" or "C" or "hpp"?

Adding .rar, .uha and .7z extension to the list would be a good idea. They are much more powerful archives than zip.

Adding .rar, .uha and .7z extension to the list would be a good idea. They are much more powerful archives than zip.

I think that you're missing my point.

That was outside the discussion here... Just a thought. Nevermind.