Due to our company pen testing report on osTicket, I need to be able to restrict certain file types in the staff system from being uploaded (for example .exe files). I know this is possible to do in the client area but I wonder whereabouts in the application I could add some additional logic for the staff functionality? I'm using v1.14.3 on Linux.
Any help would be really appreciated.
Admin panel -> Settings -> Tickets
Scroll down to Attachments.
Click the Config button.
If you use Tasks then also go to:
Admin panel -> Settings -> Tasks
Click the Config button.
Thank you for your reply. I actually want to prevent admins from uploading certain file types. I thought the config you mention does not affect the SCP but only affects client users?
I am not of the opinion that it is for only Users. So I asked one of the Devs and he IS of the opinion that it is only for users. I'm looking deeper now.
Follow up.
Agents are trusted and don’t really have restrictions for the Reply Box.
They do have restrictions when opening a new ticket (and adding a file to the Issue Details).
These restrictions are set at:
Admin panel -> Manage -> Forms -> Ticket Details
See Issue Details, and click on the Config button.
