diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/file/file.field.inc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/file/file.field.inc b/modules/file/file.field.inc index ddd449e7e..12420d846 100644 --- a/modules/file/file.field.inc +++ b/modules/file/file.field.inc @@ -122,9 +122,12 @@ function file_field_instance_settings_form($field, $instance) { '#type' => 'textfield', '#title' => t('Allowed file extensions'), '#default_value' => $extensions, - '#description' => t('Separate extensions with a space or comma and do not include the leading dot. Leaving this blank will allow users to upload a file with any extension.'), + '#description' => t('Separate extensions with a space or comma and do not include the leading dot.'), '#element_validate' => array('_file_generic_settings_extensions'), '#weight' => 1, + // By making this field required, we prevent a potential security issue + // that would allow files of any type to be uploaded. + '#required' => TRUE, ); $form['max_filesize'] = array( |