New Feature: Upload Restrictions

Call admins now have the ability to restrict which types of files are allowed for uploads.

The new setting is in two places: the form builder and the Publishing Module. In both cases it is a safelist (as opposed to a blocklist) meaning authors are only allowed to upload files with extensions you specify. Or put another way, authors are prohibited from uploading files not in the list.

For example, if you are collecting speaker headshots and only want JPEGs, you would enter “jpeg jpg”. That way, only filenames ending with “.jpeg” or “.jpg” would be allowed.

Screenshots of new filetypes settingThe image to the right contains two screenshots. The one on top shows how the new setting looks in the form builders while the one on the bottom shows the setting in the Publishing Module.

Here are some other important details about the new feature:

  • The following file extensions are included by default whenever a file-upload field is added to a form or the Publishing Module is activated:
    • Compressed archives (.zip)
    • Images (.gif, .jpeg, .jpg, .png, .tif, .tiff)
    • PDFs (.pdf)
    • Powerpoint presentations (.ppt, .pptx)
    • Videos (.mov, .mp4, .wmv)
    • Word docs (.doc, .docx)

    Feel free to add or remove the default extensions to suit your needs.

  • Extensions may be entered any number of ways:
    • uppercase or lowercase (e.g. “JPEG” and “jpeg” are identical)
    • with or without commas (e.g. “jpeg, jpg” and “jpeg jpg” are identical)
    • with or without a dot (e.g. “.jpeg” and “jpeg” are identical)

    You can even mix and match! (e.g. “jpeg .jpg, gif, .PDF”)

  • Enter as many extensions as you like. There is no limit.
  • The feature is designed to catch any file with an extension that does not match its actual type. For example, if you only allow files ending in “.gif” and someone uploads a file named “upload.gif” that is actually a PDF, the system will reject the file.
  • It is only possible to safelist extensions. (Blocklists are not as secure.)
  • Leave the setting blank if you do not want to have any restrictions. It is extremely important to understand, however, that this is not recommended because it allows users to upload any type of file, including executables (.exe), which are extremely risky.
  • Lastly, consider limiting the list to common filetypes. Doing so might place a bit of an extra burden on authors but it will make life easier for reviewers. Take presentations for example. You could allow Powerpoint (.ppt and .pptx), Keynote (.key), Prezi (.exe), and Visme (.zip) files but this can cause two problems:
    1. Reviewers would need all of those applications to view files.
    2. A couple of the extensions (.exe and .zip) are not limited to presentation applications and would allow any executable or compressed archive to be uploaded.

    Instead, consider allowing only PDFs (.pdf), which can be generated from any of the above applications and can be viewed by reviewers in any web browser.

I hope you will find the new setting useful. If you have any feedback please do not hesitate to let me know. And if you have any tips for other call admins, please be sure to leave them in the comments below.

PubMod Updates

The Publishing Module has a number of exciting improvements in place:

  • The module now uses the domain mtgsked.com instead of the main proposalspace.com domain.
  • Virtually all of the ProposalSpace-specific branding is gone, making the meeting-specific branding stand out more.
  • The meeting name, location, and dates can now be customized in the module’s settings.
  • Pages are responsive (i.e. they display nicely on mobile devices).

References to old URLs (using the proposalspace.com domain) should automatically redirect to the new domain, so there’s no need to update your code if you use the iFrame or JavaScript implementations to publish session info on your own site. You can if you want, of course, but there shouldn’t be any need to.

Please don’t hesitate to let me know if you come across any issues or have any suggestions for improvement!

New Feature: Publishing Module Customizations

Call admins can now select specific questions to use for session titles, role-user names, and role-user organizations in the Publishing Module.

Previously the system made its best guess which questions to use. (Basically it used the first question in the main submission form for the session’s title, the first question in each role form for an individual’s name, and the second question in each role form for that individual’s organization.)

screenshotNow you can select which field(s) to use for each value. Just click the Settings… link next to the field you want to change. (See screenshot to the left, which shows the Settings link for the Session Title field.)

screenshotFor session titles, you can select from any question in the main submission form that uses a text field. (See screenshot to the right, which shows an example of questions that can be selected from the call’s main submission form.)

For each role, you can select one or more questions from the role form to use for both the role-user’s name and organization.

For example, if your presenter form has a Full Name question, you can just select that question and nothing else. If, however, your form uses two questions (e.g. First Name and Last Name), you can select both fields. You can even sort the questions so that the last name comes first.

The same goes for the role-user’s organization: You can use a single field from the role form or multiple fields, sorted however you like.

If you select more than one question, there is even an option to separate the answers with commas, which comes in handy if you want to display the last name first (e.g. Smith, Jane) or the organization with the name (e.g. Jane Smith, ABC Co.).

One other thing to note: The question(s) you select for the role-user’s name field not only affect how the information is displayed in the session’s details, but also how each role-user’s name is displayed in the search form’s Person field.