We discovered a loophole with the upload control. If file types are limited by extension, the user can type an asterisk (*) in the file name text box and upload any file type they want.
We end up have to check file types server side after the upload, delete disallowed types and then notify the user. Has anyone else experienced this? I'd like if it could all be done client side with no loopholes.
We end up have to check file types server side after the upload, delete disallowed types and then notify the user. Has anyone else experienced this? I'd like if it could all be done client side with no loopholes.