i'm using newbb3.07 and XOOPS 2.016, i set up the forum to restrict the attachment file should be jpg, gif, zip, or rar file and the size should under 1000kb. but i could use a test account upload any type of file even .php .js and the size could also over the 1000kb limitation. i tested again at xoops.org.cn, their forum has same problem, i didn't find out where is the problem located, but it could be a critical threat. does anybody know about this and solution? thx.