Allowed file types
Out of the box, your Silverstripe CMS project will limit what type of files can be uploaded into the assets management section. There's two type of restriction in place based on:
- the extensions of the files
- the MIME type of the files.
File extensions validation
silverstripe/assets module ships with a whitelist of allowed file extensions. Any file with an extensions not in this whitelist will not be allowed to be stored in Silverstripe's assets management system.
The whitelist is controlled by the
You can whitelist additional file extensions by adding them in your YML configuration.
SilverStripe\Assets\File: allowed_extensions: - 7zip - xzip
Any file not included in this config, or in the default list of extensions, will be blocked from any requests to the assets directory. Invalid files will be blocked regardless of whether they exist or not, and will not invoke any PHP processes.
You can also remove pre-existing entries from the whitelist by setting them to
SilverStripe\Assets\File: allowed_extensions: zip: false
MIME type validation
Another type of validation that can be applied to files uploaded in Silverstripe CMS is MIME type validation. When MIME type validation is enabled, Silverstripe will analyse the content of files at upload time to determine their MIME type and will reject files with invalid type.
MIME type validation also uses a whitelist of allowed MIME types.
Enabling MIME type validation
You need to install the
silverstripe/mimevalidator module in your project to enable MIME type validation. If your project uses
silverstripe/recipe-core 4.6.0 or greater, or any version of the Common Web Platform, the
silverstripe/mimevalidator module will already be installed and enabled.
Look at the
app/_config/mimevalidator.yml to view the default configuration.
You can explicitly require the module by running this command
composer require silverstripe/mimevalidator
SilverStripe\Core\Injector\Injector: SilverStripe\Assets\Upload_Validator: class: SilverStripe\MimeValidator\MimeUploadValidator
Enable on an individual upload field
$field = UploadField::create(); $field->setValidator(MimeUploadValidator::create());
Adding MIME types
By default MIME types are checked against
HTTP.MimeTypes config set in framework. This can be limiting as this only
allows for one MIME type per extension. To allow for multiple MIME types per extension, you can add these in your YAML
config as below:
SilverStripe\MimeValidator\MimeUploadValidator: MimeTypes: ics: - 'text/plain' - 'text/calendar'
Adding new image types
Silverstripe CMS support JPEG, GIF, PNG and WebP image formats out of the box. Silverstripe CMS can be configured to support other less common image formats (e.g.: AVIF). For this to work, your version of PHP and of the
intervention/image library must support these alternative image formats.
For example, this snippet can be added to the configuration of older Silverstripe CMS projects to allow them to work with WebP images.
--- Name: myproject-assetsfiletypes After: '#assetsfiletypes' --- SilverStripe\Assets\File: file_types: webp: 'WebP Image' allowed_extensions: - webp app_categories: image: - webp image/supported: - webp class_for_file_extension: webp: SilverStripe\Assets\Image SilverStripe\Assets\Storage\DBFile: supported_images: - image/webp --- Name: myproject-mimevalidator After: '#mimevalidator' Only: moduleexists: silverstripe/mimevalidator --- SilverStripe\MimeValidator\MimeUploadValidator: MimeTypes: webp: - image/webp