We are using SF 3.7 SP4 and for security, we would like to limit users to ONLY upload innocuous files, such as JPG, PNG, PDF, DOC, etc. We do NOT want to allow users to upload .js or .aspx files, for example. Nor should they be able to rename an existing file to any extension other than the allowed ones. Meaning they can't upload a .aspx page and say it's an .jpg for upload and then rename test.jpg to test.aspx and execute it.
Also, we'd like to limit which folders they can upload to and even see. By default they see the entire site but can we limit them to ~/images/ & ~/files/ for example?
Please let us know