Supported File Types

JSON Markdown
This page displays the current file type restrictions pulled directly from the system code. Last updated: November 21, 2025 10:39 PM

Free Tier

Available to all users with free accounts

Documents
.pdf .doc .docx .xls .xlsx .ppt .pptx .txt .rtf .odt .ods .odp
Images
.jpg .jpeg .png .gif .bmp .webp .tiff .svg
Archives
.zip .rar .7z .tar .gz
Text/Code Files
.sql .csv .json .xml .html .htm .css .js .md .ini .conf .cfg .yaml .yml .log .py .rb .php .pl .sh .ps1 .go .rs .cpp .c .h .java .scala .kt .swift .dart .ts .tsx .vue .svelte .env
Total: 61 file types supported

Premium & Enterprise Tier

Premium and Enterprise users have access to all Free tier types plus:

Video Files
.mp4 .avi .mov .wmv .flv .webm .mkv .m4v
Audio Files
.mp3 .wav .flac .aac .ogg .m4a
Design Files
.psd .ai .eps .indd .sketch .fig .xd
Premium Only: 21 additional file types
Total (Free + Premium): 82 file types supported

Forbidden File Types

These file types are blocked for security reasons and cannot be uploaded by any user tier

Executables
.exe .bat .cmd .com .msi .scr .pif .cpl .dll .ocx
Scripts
.vbs .vbe .vb .vbscript .js .jse .wsh .wsf .ws .sh .run
System Files
.lnk .reg .inf .ins .inx .gadget .app .job
Mobile Apps
.apk .ipa
Other Binary
.bin
Security Notice: These file types pose security risks and are permanently blocked across all account tiers.
Enterprise Exceptions: If your Enterprise organization has legitimate business requirements to share blocked file types, exceptions may be considered upon formal request. Contact your account manager or submit a request for review. All exceptions require security assessment and approval.

Technical Details

Validation Process
  1. Client-side pre-validation - File type checking before upload
  2. Server-side extension validation - Forbidden extension check
  3. Tier-based restrictions - User tier determines allowed types
  4. Content-Type validation - MIME type verification
  5. Upload token validation - Cryptographic token verification
  6. MIME type verification - Post-upload content inspection
  7. Malware scanning - QuickSand static analysis
API Access

You can access this data programmatically:

  • GET /file_types.php?format=json - JSON format for API consumption
  • GET /file_types.php?format=markdown - Markdown format for documentation
  • GET /file_types.php - HTML format (this page)
Source Code

All file type validation uses centralized functions in includes/functions.php:

  • getForbiddenFileExtensions() - Returns array of forbidden types
  • getAllowedFileExtensions() - Returns array of free tier types
  • getPremiumFileExtensions() - Returns array of premium-only types
  • isFileExtensionAllowed($ext, $tier) - Validates a file extension
  • getFileMimeTypeMappings() - Returns extension to MIME type mappings

Documentation Integration

How to Reference This Page

Instead of maintaining static lists in documentation, reference this page:

In Markdown documentation: 
For current file type support, see: [File Types Reference](/file_types.php)
Dynamic inclusion in PHP: 
$allowedTypes = getAllowedFileExtensions();
$premiumTypes = getPremiumFileExtensions();
$forbiddenTypes = getForbiddenFileExtensions();
Fetch via JavaScript: 
fetch('/file_types.php?format=json')
  .then(res => res.json())
  .then(data => console.log(data));