Disable file type upload

mrak · 18 June 2026 07:59

I am interested to find if there is a way to completely disable/disallow certain file types upload.

For example, I would like to completely forbid my users to upload archives (.zip, .rar or similar).

I have found that if I modify config.php and add for example .zip extension to badtext array, it will rename uploaded file to .txt but what I want is to completely prevent .zip uploads.

Is there a way to do that?

pgr · 18 June 2026 10:03

Is this SuiteCRM v7 or v8?

In which module are you trying to prevent these uploads?

I can see many places where that config setting is used:

https://github.com/search?q=repo%3ASuiteCRM%2FSuiteCRM+badext&type=code

You could try overriding the code in one or several of those modules, for example, here for the Notes:

github.com/SuiteCRM/SuiteCRM

modules/Notes/Note.php

master


      
          
          
          public function __construct()
          {
              parent::__construct();
          }
          
          
          
          
          public function safeAttachmentName()
          {
              global $sugar_config;
          
              //get position of last "." in file name
              $file_ext_beg = strrpos((string) $this->filename, ".");
              $file_ext = "";
          
              //get file extension
              if ($file_ext_beg !== false) {
                  $file_ext = substr((string) $this->filename, $file_ext_beg + 1);

The way to override Bean classes… I forget. But this Grok answer seems more or less right to me.

pstevens · 18 June 2026 17:28

I think you can also do it at the server level with allowed MIME types. That may be overkill though.