We had recently upgraded a client site from DNN 4.x to DNN 6.x and refactored the site in a major way during the upgrade. One of the things involved as part of the upgrade was revamping the theme of the site.

Some days ago, I got a message from the client requesting to remove one of the skin objects we had placed on the site. It was a pretty simple task needing removal of a single line of markup from the Skin’s .ascx file. And as I was preparing to do the same, the reality dawned on me. I needed to get access to the client’s web-server for making the change and needed to get through a couple of bureaucratic layers which meant atleast an hour of wasted productivity. So I thought to myself, can’t we do it without needing to access the web-server.

And I was immediately reminded of DotNetNuke’s excellent built-in File Manager module. I thought I should be able to login as host, goto Host’s File Manager and access and update the Skin file from there. But when I went there, and browsed to Host Root\Skins\OurSkin folder (I am using OurSkin as a placeholder for the actual skin name for the purpose of this blog post), it only showed me .xml, .jpeg, .css etc files from that folder, but .ascx files were nowhere to be found.

Stumped, I was scratching my head as to why DNN won’t show all files in that folder even to a Host account. After a couple of minutes of pondering, I was reminded of the “Allowable File Extensions” host setting. My current thinking was that the setting controlled the file extensions that are allowed to be uploaded through DNN by end-users, but just out of curiosity, I decided to go ahead and try playing with that setting.

Allowing .ascx filesSo I went into “Host Settings” page, then to “Other Settings” tab and added .ascx as an allowed extension (as you can see in the screenshot on the right).

And as soon as I did that, and refreshed the Host File Manager and browsed to my Skin folder, voila our .ascx files were there (please see the screenshot below).

File visible in File Manager are controlled by allowed file extensions

From there on, it was pretty easy. I downloaded the Skin file (.ascx) that was being used on the site, removed the undesired Skin object from it, and uploaded it back to the same folder.

And a very important last step was to remove .ascx extension from the list of allowed extensions. Failure to do so might result in severe security implications for your site.

So in a nutshell, the “Allowable File Extensions” setting also controls the file types that are visible and uploadable through the core File Manager module.